From b5dbbdf9cb0c0c5ac9fe933bcbeaf3be56d19fac Mon Sep 17 00:00:00 2001 From: Steve Kondik Date: Tue, 15 Sep 2015 04:09:03 -0700 Subject: [PATCH] cm: sepolicy: Create standard policy for LiveDisplay Change-Id: Icb0047f261861c8fae99ffa4e9053de8d3aa8c73 --- sepolicy/file.te | 3 +++ sepolicy/file_contexts | 6 ++++++ sepolicy/livedisplay.te | 2 ++ sepolicy/sepolicy.mk | 1 + 4 files changed, 12 insertions(+) create mode 100644 sepolicy/livedisplay.te diff --git a/sepolicy/file.te b/sepolicy/file.te index 91b89a3b..1a003394 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -14,3 +14,6 @@ type recovery_cache_file, file_type, mlstrustedobject; # Persistent property storage type persist_property_file, file_type; + +# Knobs for LiveDisplay +type livedisplay_sysfs, sysfs_type, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 4c6baecb..c706a5d7 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -37,3 +37,9 @@ # Persistent properties /persist/properties u:object_r:persist_property_file:s0 + +# LiveDisplay +/sys/devices/virtual/graphics/fb0/aco u:object_r:livedisplay_sysfs:s0 +/sys/devices/virtual/graphics/fb0/cabc u:object_r:livedisplay_sysfs:s0 +/sys/devices/virtual/graphics/fb0/rgb u:object_r:livedisplay_sysfs:s0 +/sys/devices/virtual/graphics/fb0/sre u:object_r:livedisplay_sysfs:s0 diff --git a/sepolicy/livedisplay.te b/sepolicy/livedisplay.te new file mode 100644 index 00000000..a260e079 --- /dev/null +++ b/sepolicy/livedisplay.te @@ -0,0 +1,2 @@ +# Various knobs used by LiveDisplay +allow system_server livedisplay_sysfs:file rw_file_perms; diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk index 382e2414..75f4b090 100644 --- a/sepolicy/sepolicy.mk +++ b/sepolicy/sepolicy.mk @@ -21,6 +21,7 @@ BOARD_SEPOLICY_UNION += \ healthd.te \ hostapd.te \ installd.te \ + livedisplay.te \ mediaserver.te \ netd.te \ property.te \