Home | History | Annotate | Download | only in common 
      1 # Binder access (for display.qservice)
      2 vndbinder_use(hal_graphics_composer_default)
      3 allow hal_graphics_composer_default qdisplay_service:service_manager { add find };
      4 
      5 allow hal_graphics_composer_default sysfs_camera:dir search;
      6 allow hal_graphics_composer_default sysfs_camera:file r_file_perms;
      7 allow hal_graphics_composer_default sysfs_msm_subsys:dir search;
      8 allow hal_graphics_composer_default sysfs_msm_subsys:file r_file_perms;
      9 allow hal_graphics_composer_default sysfs_mdss_mdp_caps:file r_file_perms;
     10 allow hal_graphics_composer_default mnt_vendor_file:dir search;
     11 allow hal_graphics_composer_default persist_file:dir search;
     12 
     13 userdebug_or_eng(`
     14   allow hal_graphics_composer_default diag_device:chr_file rw_file_perms;
     15 ')
     16 
     17 # Allow dir search in '/mnt/vendor'
     18 allow hal_graphics_composer_default mnt_vendor_file:dir search;
     19 allow hal_graphics_composer_default mnt_vendor_file:file r_file_perms;
     20 
     21 # Allow dir search in '/mnt/vendor/persist/display(/.*)?'
     22 allow hal_graphics_composer_default persist_display_file:dir r_dir_perms;
     23 allow hal_graphics_composer_default persist_display_file:file r_file_perms;
     24 
     25 # Allow dir search in '/oem'
     26 allow hal_graphics_composer_default oemfs:dir r_dir_perms;
     27 
     28 allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
     29 
     30 hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
     31 
     32 r_dir_file(hal_graphics_composer_default, sysfs_leds)
     33 
     34 allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
     35 
     36 # HWC_UeventThread
     37 allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
     38 
     39 # Access /sys/devices/virtual/graphics/fb0
     40 r_dir_file(hal_graphics_composer_default, sysfs_type)
     41 
     42 allow hal_graphics_composer_default display_vendor_data_file:dir create_dir_perms;
     43 allow hal_graphics_composer_default display_vendor_data_file:file create_file_perms;
     44 
     45 # Rule for pps socket usage
     46 unix_socket_connect(hal_graphics_composer_default, pps, mm-pp-daemon)
     47 
     48 # allow composer to register display config
     49 add_hwservice(hal_graphics_composer_default, hal_display_config_hwservice);
     50 
     51 #allow composer access hal_light
     52 hal_client_domain(hal_graphics_composer_default, hal_light);
     53 allow hal_graphics_composer_default hal_light_hwservice:hwservice_manager find;
     54 
     55 userdebug_or_eng(`
     56         allow hal_graphics_composer_default debugfs_mdp:dir r_dir_perms;
     57         allow hal_graphics_composer_default debugfs_mdp:file r_file_perms;
     58 ')
     59 
     60 dontaudit hal_graphics_composer_default kernel:system module_request;
     61 
     62 dontaudit hal_graphics_composer_default vendor_display_prop:file r_file_perms;
     63