Diffstat (limited to 'evs/sepolicy/evs_app.te')
1 files changed, 5 insertions, 7 deletions
diff --git a/evs/sepolicy/evs_app.te b/evs/sepolicy/evs_app.te
index ef78f0b1..098499a5 100644
--- a/evs/sepolicy/evs_app.te
+++ b/evs/sepolicy/evs_app.te
@@ -2,6 +2,8 @@
2type evs_app, domain, coredomain; 2type evs_app, domain, coredomain;
3hal_client_domain(evs_app, hal_evs) 3hal_client_domain(evs_app, hal_evs)
4hal_client_domain(evs_app, hal_vehicle) 4hal_client_domain(evs_app, hal_vehicle)
5hal_client_domain(evs_app, hal_configstore)
6hal_client_domain(evs_app, hal_graphics_allocator)
5 7
6# allow init to launch processes in this context 8# allow init to launch processes in this context
7type evs_app_exec, exec_type, file_type; 9type evs_app_exec, exec_type, file_type;
@@ -13,10 +15,6 @@ allow evs_app evs_app_files:file { getattr open read };
13allow evs_app evs_app_files:dir search; 15allow evs_app evs_app_files:dir search;
14 16
15# Allow use of gralloc buffers and EGL 17# Allow use of gralloc buffers and EGL
16allow evs_app hal_graphics_allocator_default:fd use; 18allow evs_app gpu_device:chr_file rw_file_perms;
17allow evs_app gpu_device:chr_file ioctl; 19allow evs_app ion_device:chr_file r_file_perms;
18allow evs_app gpu_device:chr_file { getattr open read write }; 20allow evs_app system_file:dir r_dir_perms;
20# Permit communication with the vehicle HAL
21# (Communcations with the rest of the EVS stack is allowed via hal_evs)
22binder_call(evs_app, hal_vehicle);
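Review bot: The new rules under `# Allow use of gralloc buffers and EGL` (new lines 18–20) grant more than the rules they replace, and the comment does not say why. `gpu_device:chr_file rw_file_perms` swaps an explicit `{ getattr open read write }` plus `ioctl` for a macro that, as defined in AOSP's global_macros, also carries at least `append` and `lock`; keeping the list explicit, `allow evs_app gpu_device:chr_file { getattr ioctl open read write };`, would hold the domain to what it had before. `allow evs_app system_file:dir r_dir_perms;` lets evs_app list every directory labelled `system_file`, presumably for the EGL loader's library lookup, so it deserves its own comment naming the denial it resolves, e.g. `# EGL loader enumerates driver directories (confirm against the avc denial)`. The new `ion_device` read access needs the same one-line justification.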