PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Give hal_drm_server appdomain fd access."

Browse Source
This commit is contained in:
Treehugger Robot 2019-06-10 18:20:47 +00:00 committed by Gerrit Code Review
commit 7d258073df
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/hal_drm.te
View File

@ -31,6 +31,8 @@ allow hal_drm sysfs:file r_file_perms;
allow hal_drm tee_device:chr_file rw_file_perms; allow hal_drm tee_device:chr_file rw_file_perms;
allow hal_drm_server { appdomain -isolated_app }:fd use;
# only allow unprivileged socket ioctl commands # only allow unprivileged socket ioctl commands
allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket } allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls }; ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

1
vendor/hal_drm_default.te vendored
View File

@ -5,6 +5,5 @@ type hal_drm_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_default) init_daemon_domain(hal_drm_default)
allow hal_drm_default hal_omx_server:fd use; allow hal_drm_default hal_omx_server:fd use;
allow hal_drm_default { appdomain -isolated_app }:fd use;
allow hal_drm_default hal_allocator_server:fd use; allow hal_drm_default hal_allocator_server:fd use;