PawletOS/android_device_brcm_rpi5
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sepolicy: various fixes for graphics

Browse Source
This commit is contained in:
Konsta
2025-03-28 13:54:23 +02:00
parent 4596a7546d
commit 22a75c85a4
6 changed files with 15 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
sepolicy/file_contexts
View File

@@ -14,12 +14,7 @@
/vendor/bin/hw/android\.hardware\.media\.c2@1\.2-service-ffmpeg u:object_r:mediacodec_exec:s0
# Graphics
/dev/dri u:object_r:gpu_device:s0
/dev/dri/card0 u:object_r:gpu_device:s0
/dev/dri/card1 u:object_r:gpu_device:s0
/dev/dri/card2 u:object_r:gpu_device:s0
/dev/dri/card3 u:object_r:gpu_device:s0
/dev/dri/renderD128 u:object_r:gpu_device:s0
/dev/dri(/.*)? u:object_r:gpu_device:s0
/vendor/bin/hw/android\.hardware\.graphics\.allocator-service\.minigbm_gbm_mesa u:object_r:hal_graphics_allocator_default_exec:s0
/vendor/lib(64)?/hw/mapper\.minigbm_gbm_mesa\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.broadcom\.so u:object_r:same_process_hal_file:s0
@@ -27,9 +22,10 @@
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgallium_dri\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgbm_mesa\.so u:object_r:same_process_hal_file:s0
/vendor/lib{64}?/libgbm_mesa_wrapper\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgbm_mesa_wrapper\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libminigbm_gralloc_gbm_mesa\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libminigbm_gralloc4_utils_gbm_mesa\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libui\.so u:object_r:same_process_hal_file:s0
# Lights
/sys/class/backlight/11-0045/brightness u:object_r:sysfs_leds:s0

7
sepolicy/genfs_contexts
View File

@@ -1,3 +1,6 @@
genfscon sysfs /devices/platform/v3dbus/fec00000.v3d/uevent u:object_r:sysfs_gpu:s0
genfscon sysfs /devices/platform/gpu/uevent u:object_r:sysfs_gpu:s0
# Graphics
genfscon sysfs /devices/platform/axi/1002000000.v3d u:object_r:sysfs_gpu:s0
genfscon sysfs /devices/platform/axi/axi:gpu u:object_r:sysfs_gpu:s0
# Serial number
genfscon sysfs /firmware/devicetree/base/serial-number u:object_r:sysfs_dt_firmware_android:s0

6
sepolicy/hal_camera.te
View File

@@ -8,7 +8,5 @@ allow cameraserver device:dir r_dir_perms;
allow cameraserver video_device:dir r_dir_perms;
allow cameraserver video_device:chr_file rw_file_perms;
allow hal_camera_default gpu_device:dir { open read search };
allow hal_camera_default gpu_device:chr_file { open read write ioctl map getattr };
allow cameraserver gpu_device:dir { open read write search getattr };
allow cameraserver gpu_device:chr_file { open read write ioctl map getattr };
gpu_access(hal_camera_default)
gpu_access(cameraserver)

1
sepolicy/mediaprovider.te
View File

@@ -1 +0,0 @@
gpu_access(surfaceflinger)

1
sepolicy/mediaswcodec.te
View File

@@ -1,2 +1 @@
gpu_access(mediaswcodec)
allow mediaswcodec gpu_device:chr_file { getattr ioctl map open read write };

7
sepolicy/te_macros
View File

@@ -2,7 +2,8 @@
# gpu_access(client_domain)
# Allow client_domain to communicate with the GPU
define(`gpu_access', `
allow $1 gpu_device:dir { open read search getattr };
allow $1 gpu_device:chr_file { open read getattr ioctl map write };
allow $1 sysfs_gpu:file { getattr open read };
allow $1 gpu_device:dir r_dir_perms;
allow $1 gpu_device:chr_file rw_file_perms;
allow $1 sysfs_gpu:dir r_dir_perms;
allow $1 sysfs_gpu:file r_file_perms;
')