PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Sepolicy for vendor hals to access IAshmem"

Browse Source
This commit is contained in:
Treehugger Robot 2019-06-08 06:06:17 +00:00 committed by Gerrit Code Review
commit 06984017b7
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/domain.te
View File

@ -77,6 +77,11 @@ allow {
# Allow using fds to /dev/ashmem.
allow domain ashmem_server:fd use;
# Allow vendor hals to access IAshmem
# TODO(b/134783601): Change to a whitelist.
allow { domain -coredomain -appdomain } system_ashmem_hwservice:hwservice_manager find;
allow { domain -coredomain -appdomain } ashmem_server: binder call;
# /dev/binder can be accessed by non-vendor domains and by apps
allow {
coredomain