summaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/app.te3
-rw-r--r--sepolicy/device.te2
-rw-r--r--sepolicy/file_contexts2
3 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/app.te b/sepolicy/app.te
new file mode 100644
index 0000000..eb71391
--- /dev/null
+++ b/sepolicy/app.te
@@ -0,0 +1,3 @@
+# Grant GPU access to all processes started by Zygote.
+# They need that to render the standard UI.
+allow appdomain gpu_device:chr_file rw_file_perms;
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..f29322b
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1,2 @@
+# GPU (used by most UI apps)
+type gpu_device, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..49aff48
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# GPU device
+/dev/kgsl-3d0 u:object_r:gpu_device:s0