Allow hal_graphics_allocator to access vendor files
Test: take pics / video / use maps / watch Youtube, then
dmesg doesn't show denials for hal_graphics_allocator_default
reading files.
Bug: 36462585
Change-Id: I645b8ae6ee7fbd0b6c56c069e4e2f32eac5ce308
diff --git a/sepolicy/file.te b/sepolicy/file.te
index eee487e..7582be8 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -18,6 +18,7 @@
type qmuxd_socket, file_type;
type ssr_data_file, file_type, data_file_type;
type sysfs_gpu_tuning, sysfs_type, fs_type;
+type sysfs_hal_gralloc, sysfs_type, fs_type;
type sysfs_fingerprintd, sysfs_type, fs_type;
type sysfs_msm_subsys, sysfs_type, fs_type;
type sysfs_msm_subsys_toggle, sysfs_type, fs_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 5af5517..3447439 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -102,6 +102,10 @@
/sys/devices/virtual/graphics/fb1/vendor_name -- u:object_r:sysfs_surfaceflinger:s0
/sys/devices/virtual/graphics/fb1/product_description -- u:object_r:sysfs_surfaceflinger:s0
+# Sysfs files used by gralloc hal
+/sys/devices/virtual/graphics/fb[0-1]/msm_.* u:object_r:sysfs_hal_gralloc:s0
+/sys/devices/soc.0/fd900000.qcom,mdss_mdp/caps u:object_r:sysfs_hal_gralloc:s0
+
# Sysfs files used by qmuxd
/sys/devices/virtual/smdpkt/smdcntl([0-9])+/open_timeout u:object_r:sysfs_smdcntl_open_timeout:s0
/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0
diff --git a/sepolicy/hal_graphics_allocator.te b/sepolicy/hal_graphics_allocator.te
new file mode 100644
index 0000000..a4479de
--- /dev/null
+++ b/sepolicy/hal_graphics_allocator.te
@@ -0,0 +1,2 @@
+
+allow hal_graphics_allocator sysfs_hal_gralloc:file r_file_perms;
