Merge "sepolicy: ashmem entry point for libcutils"

commit: e612ecd6ed9c54ded9e7e48797925eecbc829746 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Sep 26 17:56:53 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Sep 26 17:56:53 2019 +0000
tree: 7947825d1121d3ee179f58f5d91d18677a5e01c6
parent: 38dfd3080a96d5b3f1a6de418e03ae2f3cfe0474 [diff]
parent: a7f61021b798cd7b35f81b12340d9ba216808c0b [diff]
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 84eff89..4257087 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    ashmem_libcutils_device
     boringssl_self_test
     charger_prop
     cold_boot_done_prop

diff --git a/private/file_contexts b/private/file_contexts
index 1e9549c..b1b100e 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -75,6 +75,7 @@
 /dev/adf-interface[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
 /dev/adf-overlay-engine[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
 /dev/ashmem		u:object_r:ashmem_device:s0
+/dev/ashmem(.*)?	u:object_r:ashmem_libcutils_device:s0
 /dev/audio.*		u:object_r:audio_device:s0
 /dev/binder		u:object_r:binder_device:s0
 /dev/block(/.*)?	u:object_r:block_device:s0

diff --git a/public/device.te b/public/device.te
index e20a68b..fad0f61 100644
--- a/public/device.te
+++ b/public/device.te

@@ -1,6 +1,7 @@
 # Device types
 type device, dev_type, fs_type;
 type ashmem_device, dev_type, mlstrustedobject;
+type ashmem_libcutils_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
 type hwbinder_device, dev_type, mlstrustedobject;

diff --git a/public/domain.te b/public/domain.te
index 28fd39e..8af3086 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -80,6 +80,9 @@
   -untrusted_app_all
 } ashmem_device:chr_file rw_file_perms;
 
+# This device is used by libcutils.
+allow domain ashmem_libcutils_device:chr_file rw_file_perms;
+
 # Allow using fds to /dev/ashmem.
 allow domain ashmem_server:fd use;
 

diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te
index 172e686..f00b25a 100644
--- a/vendor/hal_sensors_default.te
+++ b/vendor/hal_sensors_default.te

@@ -17,3 +17,6 @@
 # allow sensor hal to use lock for keeping system awake for wake up
 # events delivery.
 wakelock_use(hal_sensors_default);
+
+# allow sensor hal to use ashmem fd from system_server.
+allow hal_sensors_default system_server:fd use;
commit	e612ecd6ed9c54ded9e7e48797925eecbc829746	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Sep 26 17:56:53 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Sep 26 17:56:53 2019 +0000
tree	7947825d1121d3ee179f58f5d91d18677a5e01c6
parent	38dfd3080a96d5b3f1a6de418e03ae2f3cfe0474 [diff]
parent	a7f61021b798cd7b35f81b12340d9ba216808c0b [diff]