commit 75e688d066c1c3e71dd608a4fde1da605d921526
author Uday Kiran Pichika <pichika@codeaurora.org> Sat Aug 19 13:16:45 2017 +0530
committer Uday Kiran Pichika <pichika@codeaurora.org> Sat Aug 19 13:16:45 2017 +0530
tree 09465cfb9f84e577315142967a61dafaf0a2f81a
parent 2dbf7d3912db0d50abe276356d682f461daefb62

sepolicy: Remove generic 'sysfs' label access for display

- Added the sysfs nodes access for the display module

CRs-Fixed: 2059910
Change-Id: I28b07a03361f48862b6033486343e3cd37f037c2

common/file_contexts

diff --git a/common/file_contexts b/common/file_contexts
index f73f60f..6879dba 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -330,6 +330,7 @@
 /sys/devices/virtual/graphics/fb([0-3])+/s3d_mode                   u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/msm_fb_panel_info          u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/msm_fb_type                u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_split               u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/show_blank_event           u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/bl_event                   u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/ad_event                   u:object_r:sysfs_graphics:s0
@@ -337,6 +338,12 @@
 /sys/devices/virtual/graphics/fb([0-3])+/hist_event                 u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/vsync_event                u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-3])+/lineptr_event              u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/idle_notify                u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_thermal_level       u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/idle_power_collapse        u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/mode                       u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-3])+/name                       u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/rotator/mdss_rotator/caps                      u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/workqueue/kgsl-events/cpumask                  u:object_r:sysfs_kgsl:s0
 /sys/devices/virtual/workqueue/kgsl-events/nice                     u:object_r:sysfs_kgsl:s0
 /sys/devices/virtual/workqueue/kgsl-workqueue/cpumask               u:object_r:sysfs_kgsl:s0
@@ -348,9 +355,14 @@
 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/backlight(/.*)?     u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/switch/hdmi(/.*)?                              u:object_r:sysfs_graphics:s0
 /sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_mdp/[a-z0-9]+.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight(/.*)?   u:object_r:sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_mdp/caps                       u:object_r:sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_rotator/video4linux/video[0-63]/name  u:object_r:sysfs_graphics:s0
+/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_mdp/caps           u:object_r:sysfs_graphics:s0
+/sys/devices/soc/[a-z0-9]+.qcom,mdss_mdp/bw_mode_bitmap             u:object_r:sysfs_graphics:s0
+/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_mdp/bw_mode_bitmap             u:object_r:sysfs_graphics:s0
+/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_cam/video4linux/video[0-33]/name(/.*)?   u:object_r:sysfs_graphics:s0
+/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_rotator/video4linux/video[0-33]/name(/.*)?   u:object_r:sysfs_graphics:s0
 /sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_rotator/caps       u:object_r:sysfs_graphics:s0
+/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,vidc/video4linux/video[0-33]/name(/.*)?   u:object_r:video_device:s0
+/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,cci/[a-z0-9]+.qcom,cci:qcom,camera@[0-2]/video4linux/video[0-33]/name(/.*)?   u:object_r:sysfs_graphics:s0
 /sys/bus/platform/drivers/xhci_msm_hsic(/.*)?                       u:object_r:sysfs_hsic:s0
 /sys/devices/msm_hsic_host/host_ready                               u:object_r:sysfs_hsic_host_rdy:s0
 /sys/bus/esoc(/.*)?                                                 u:object_r:sysfs_esoc:s0

common/hal_graphics_composer.te

diff --git a/common/hal_graphics_composer.te b/common/hal_graphics_composer.te
index 03ef6f5..aa530e2 100644
--- a/common/hal_graphics_composer.te
+++ b/common/hal_graphics_composer.te
@@ -83,3 +83,7 @@
 
 # Allow composer access to perf
 hal_client_domain(hal_graphics_composer_default, hal_perf)
+
+# Access /dev/graphics/fb0.
+allow hal_graphics_composer graphics_device:chr_file rw_file_perms;
+allow hal_graphics_composer graphics_device:dir r_dir_perms;
\ No newline at end of file

sdm660/file_contexts

diff --git a/sdm660/file_contexts b/sdm660/file_contexts
index b0752bc..8674105 100644
--- a/sdm660/file_contexts
+++ b/sdm660/file_contexts
@@ -143,15 +143,3 @@
 #
 /vendor/lib(64)?/hw/gralloc\.sdm660\.so   u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/vulkan\.sdm660\.so    u:object_r:same_process_hal_file:s0
-
-###############################################################################
-# sysfs
-#
-
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_cam/video4linux/video[0-33]/name(/.*)?   u:object_r:sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,mdss_rotator/video4linux/video[0-33]/name(/.*)?   u:object_r:sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,vidc/video4linux/video[0-33]/name(/.*)?   u:object_r:sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,cci/[a-z0-9]+.qcom,cci:qcom,camera@[0-2]/video4linux/video[0-33]/name(/.*)?   u:object_r:sysfs_graphics:s0
-/sys/devices/soc/[a-z0-9]+.qcom,mdss_mdp/bw_mode_bitmap  u:object_r:sysfs_graphics:s0
-/sys/devices/soc/[a-z0-9]+.qcom,jpeg/video4linux/video[0-33]/name  u:object_r:sysfs_graphics:s0
-#/sys/devices/soc/[a-z0-9]+.qcom,mdss_rotator/caps(/.*)?  u:object_r:sysfs_type:s0