PawletOS/android_device_brcm_rpi5
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sepolicy: graphics: address some denials

Browse Source 
* Labeling vendor allocator libraries became necessary for some reason
  after moving minigbm gralloc to APEX.
* Address remaining drm_hwcomposer denials.
This commit is contained in:
Konsta
2025-11-10 16:23:54 +02:00
parent b0ac7bf7c7
commit 67433cbc2b
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
sepolicy/file_contexts
View File

@@ -6,10 +6,11 @@
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
# Graphics
/dev/dri(/.*)? u:object_r:gpu_device:s0
/vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libgallium_dri\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libui\.so u:object_r:same_process_hal_file:s0
/dev/dri(/.*)? u:object_r:gpu_device:s0
/vendor/lib64/android\.hardware\.graphics\.allocator@[2-4]\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libgallium_dri\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libui\.so u:object_r:same_process_hal_file:s0
# Partitions
/dev/block/mmcblk0p1 u:object_r:boot_block_device:s0

2
sepolicy/hal_graphics_composer_default.te
View File

@@ -1,3 +1,5 @@
vndbinder_use(hal_graphics_composer_default)
gpu_access(hal_graphics_composer_default)
get_prop(hal_graphics_composer_default, vendor_hwc_config_prop)
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { bind create read };