[ALPS04501667] SELINUX: Kernel API dump of GED access
Add sepolicy to resolve the kernel api dump.
MTK-Commit-Id: 471082eb801521fcba7cb9a2dc9105e9832047b7
Change-Id: Ica2001bcb4c998f2cdb2cba26f5351ea72c65153
Signed-off-by: Figo Wang <figo.wang@mediatek.com>
CR-Id: ALPS04501667
Feature: Power Management
diff --git a/non_plat/hal_graphics_allocator.te b/non_plat/hal_graphics_allocator.te
index a084d1d..310c04a 100644
--- a/non_plat/hal_graphics_allocator.te
+++ b/non_plat/hal_graphics_allocator.te
@@ -3,5 +3,3 @@
# Purpose : Add policy for gralloc HIDL
allow hal_graphics_allocator proc_ged:file { read ioctl open };
-
-allowxperm hal_graphics_allocator_default proc_ged:file ioctl { GED_BRIDGE_IO_GE_ALLOC GED_BRIDGE_IO_GE_GET };
diff --git a/non_plat/hal_graphics_allocator_default.te b/non_plat/hal_graphics_allocator_default.te
index 573d2be..921aaac 100644
--- a/non_plat/hal_graphics_allocator_default.te
+++ b/non_plat/hal_graphics_allocator_default.te
@@ -15,4 +15,13 @@
allow hal_graphics_allocator_default debugfs_tracing:file write;
#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default debugfs_tracing:file open;
\ No newline at end of file
+allow hal_graphics_allocator_default debugfs_tracing:file open;
+
+#============= hal_graphics_allocator_default ==============
+allow hal_graphics_allocator_default proc_ged:file r_file_perms;
+allowxperm hal_graphics_allocator_default proc_ged:file ioctl {
+GED_BRIDGE_IO_GE_ALLOC
+GED_BRIDGE_IO_GE_GET
+GED_BRIDGE_IO_GE_SET
+};
+
