diff options
| author | Vladimir Oltean <olteanv@gmail.com> | 2019-01-21 23:11:24 +0200 |
|---|---|---|
| committer | Han Wang <416810799@qq.com> | 2019-01-29 06:19:29 +0100 |
| commit | a7c956f7f492c9bfbd432ee8230589d3320e3895 (patch) | |
| tree | 94459997b78762ae3d7db27d6a13d25dbc01a96d | |
| parent | 81a0d0e49da08a36f0ec4456d230cf9afe2f869f (diff) | |
oneplus2: sepolicy: label display.qservice as vndservice
* This works against "fff950dd legacy: Correctly label display.qservice"
which labels display.qservice as a system service, and partially reverts
"7a87faa3 sepolicy: allow msm8994 hwcomposer to run properly as binderized"
which added access rules to display.qservice when it had the default label.
* Neither labeling as service or as vndservice is "correct" as it is not
a matter of correctness, but of whether the hwcomposer HAL is in
passthrough mode (hence display.qservice is a service) or in
binderized mode (hence display.qservice is a vndservice). Our device
falls in the latter category.
Change-Id: Ice02b47aad352c63e197843031900e132de56e45
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
| -rw-r--r-- | sepolicy/hal_graphics_composer_default.te | 3 | ||||
| -rw-r--r-- | sepolicy/vndservice.te | 1 | ||||
| -rw-r--r-- | sepolicy/vndservice_contexts | 1 |
3 files changed, 3 insertions, 2 deletions
diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te index fdc83e9..9485315 100644 --- a/sepolicy/hal_graphics_composer_default.te +++ b/sepolicy/hal_graphics_composer_default.te @@ -1,8 +1,7 @@ allow hal_graphics_composer_default display_prop:file { getattr open read }; allow hal_graphics_composer_default mpctl_socket:dir search; allow hal_graphics_composer_default sysfs_graphics:lnk_file read; -allow hal_graphics_composer_default qdisplay_service:service_manager { add find }; -allow hal_graphics_composer_default default_android_vndservice:service_manager { find add }; +allow hal_graphics_composer_default qdisplay_vndservice:service_manager { find add }; allow hal_graphics_composer_default display_misc_file:dir create_dir_perms; allow hal_graphics_composer_default display_misc_file:file create_file_perms; allow hal_graphics_composer_default display_prop:property_service set; diff --git a/sepolicy/vndservice.te b/sepolicy/vndservice.te new file mode 100644 index 0000000..fd6ed23 --- /dev/null +++ b/sepolicy/vndservice.te @@ -0,0 +1 @@ +type qdisplay_vndservice, vndservice_manager_type; diff --git a/sepolicy/vndservice_contexts b/sepolicy/vndservice_contexts new file mode 100644 index 0000000..3139cfa --- /dev/null +++ b/sepolicy/vndservice_contexts @@ -0,0 +1 @@ +display.qservice u:object_r:qdisplay_vndservice:s0 |