Allow surfaceflinger to read and write app Unix sockets Bug: 294133380 Test: presubmits Change-Id: Ib184ca027d26aaaa6cf6368e10c3e0fd981ce4ad

commit: e85c8039fd92f617a940957876e0f0a7a0f55886 [log] [tgz]
author: Patrick Williams <pdwilliams@google.com> Tue Jul 09 22:21:28 2024 +0000
committer: Patrick Williams <pdwilliams@google.com> Tue Jul 16 20:42:34 2024 +0000
tree: edad579f7462351d2edc14a814ff4d482da1266b
parent: 469cce7eeb9368049080da859977b214f61acb7d [diff] [blame]
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 91e9aba..f6f1d9b 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te

@@ -85,6 +85,10 @@
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };
 
+# Allow reading and writing to sockets used for BLAST buffer releases
+allow surfaceflinger { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:unix_stream_socket { read write };
+allow surfaceflinger bootanim:unix_stream_socket { read write };
+
 # Allow a dumpstate triggered screenshot
 binder_call(surfaceflinger, dumpstate)
 binder_call(surfaceflinger, shell)
commit	e85c8039fd92f617a940957876e0f0a7a0f55886	[log] [tgz]
author	Patrick Williams <pdwilliams@google.com>	Tue Jul 09 22:21:28 2024 +0000
committer	Patrick Williams <pdwilliams@google.com>	Tue Jul 16 20:42:34 2024 +0000
tree	edad579f7462351d2edc14a814ff4d482da1266b
parent	469cce7eeb9368049080da859977b214f61acb7d [diff] [blame]