diff options
Diffstat (limited to 'evs/sepolicy/evs_driver.te')
-rw-r--r-- | evs/sepolicy/evs_driver.te | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/evs/sepolicy/evs_driver.te b/evs/sepolicy/evs_driver.te index 5d316a49..dcf67003 100644 --- a/evs/sepolicy/evs_driver.te +++ b/evs/sepolicy/evs_driver.te | |||
@@ -5,16 +5,16 @@ hal_server_domain(hal_evs_driver, hal_evs) | |||
5 | # allow init to launch processes in this context | 5 | # allow init to launch processes in this context |
6 | type hal_evs_driver_exec, exec_type, file_type; | 6 | type hal_evs_driver_exec, exec_type, file_type; |
7 | init_daemon_domain(hal_evs_driver) | 7 | init_daemon_domain(hal_evs_driver) |
8 | binder_use(hal_evs_driver) | ||
8 | 9 | ||
9 | # Allow use of USB devices, gralloc buffers, and surface flinger | 10 | # Allow use of USB devices, gralloc buffers, and surface flinger |
10 | allow hal_evs_driver device:dir { open read }; | 11 | allow hal_evs_driver device:dir { open read }; |
11 | allow hal_evs_driver video_device:chr_file { ioctl open read write }; | 12 | allow hal_evs_driver video_device:chr_file rw_file_perms; |
12 | hal_client_domain(hal_evs_driver, hal_graphics_allocator); | 13 | hal_client_domain(hal_evs_driver, hal_graphics_allocator); |
14 | hal_client_domain(hal_evs_driver, hal_graphics_composer) | ||
15 | hal_client_domain(hal_evs_driver, hal_configstore) | ||
13 | 16 | ||
14 | allow hal_evs_driver gpu_device:chr_file { getattr ioctl open read write }; | 17 | allow hal_evs_driver gpu_device:chr_file rw_file_perms; |
15 | binder_call(hal_evs_driver, surfaceflinger); | 18 | binder_call(hal_evs_driver, surfaceflinger); |
16 | allow hal_evs_driver surfaceflinger_service:service_manager find; | 19 | allow hal_evs_driver surfaceflinger_service:service_manager find; |
17 | allow hal_evs_driver hal_graphics_composer_default:fd use; | 20 | allow hal_evs_driver ion_device:chr_file r_file_perms; |
18 | allow hal_evs_driver hal_graphics_allocator_default_tmpfs:file { read write }; | ||
19 | allow hal_evs_driver self:capability dac_override; | ||
20 | allow hal_evs_driver servicemanager:binder call; | ||