Merge "Allow SurfaceFlinger to read/write Unix sockets from automotive_display_service" into main

commit: bbee00e4ba58be49d7545cd818da0f86b5bd9c5a [log] [tgz]
author: Patrick Williams <pdwilliams@google.com> Fri Oct 18 19:53:55 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Oct 18 19:53:55 2024 +0000
tree: fe375a7c87e3d210d632c749ba18747af436c171
parent: 53f80377562bdc1d3236ec98377366eda6d37eae [diff]
parent: eec9b70daa1cc080f75a6feef2feeba584c7d422 [diff]
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 547cc7c..1e0e1ef 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te

@@ -85,9 +85,14 @@
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };
 
-# Allow reading and writing to sockets used for BLAST buffer releases
+# Allow reading and writing to sockets used for BLAST buffer releases.
+# SurfaceFlinger never reads from these sockets but needs read permissions in order to receive
+# the file descriptors over binder. There's no mechanism to mark a socket as write-only.
+# shutdown is used to close the read-end of the sockets that are sent to SurfaceFlinger. See
+# b/353597444
 allow surfaceflinger { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:unix_stream_socket { read write };
 allow surfaceflinger bootanim:unix_stream_socket { read write };
+allow surfaceflinger automotive_display_service:unix_stream_socket { read write };
 
 # Allow a dumpstate triggered screenshot
 binder_call(surfaceflinger, dumpstate)
commit	bbee00e4ba58be49d7545cd818da0f86b5bd9c5a	[log] [tgz]
author	Patrick Williams <pdwilliams@google.com>	Fri Oct 18 19:53:55 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Oct 18 19:53:55 2024 +0000
tree	fe375a7c87e3d210d632c749ba18747af436c171
parent	53f80377562bdc1d3236ec98377366eda6d37eae [diff]
parent	eec9b70daa1cc080f75a6feef2feeba584c7d422 [diff]