| Dan Cashman | 8058248 | 2017-12-06 09:20:27 -0800 | [diff] [blame] | 1 | # bufferhubd |
| 2 | type bufferhubd, domain, mlstrustedsubject; |
| 3 | type bufferhubd_exec, exec_type, file_type; |
| 4 | |
| 5 | hal_client_domain(bufferhubd, hal_graphics_allocator) |
| 6 | |
| 7 | pdx_server(bufferhubd, bufferhub_client) |
| 8 | pdx_client(bufferhubd, performance_client) |
| 9 | |
| 10 | # Access the GPU. |
| 11 | allow bufferhubd gpu_device:chr_file rw_file_perms; |
| 12 | |
| 13 | # Access /dev/ion |
| 14 | allow bufferhubd ion_device:chr_file r_file_perms; |
| 15 | |
| 16 | # Receive sync fence FDs from mediacodec. Note that mediacodec never directly |
| 17 | # connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between |
| 18 | # those two: it talks to mediacodec via Binder and talks to bufferhubd via PDX. |
| 19 | # Thus, there is no need to use pdx_client macro. |
| 20 | allow bufferhubd mediacodec:fd use; |