diff options
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/app.te | 3 | ||||
-rw-r--r-- | sepolicy/device.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 2 |
3 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/app.te b/sepolicy/app.te new file mode 100644 index 0000000..eb71391 --- /dev/null +++ b/sepolicy/app.te @@ -0,0 +1,3 @@ +# Grant GPU access to all processes started by Zygote. +# They need that to render the standard UI. +allow appdomain gpu_device:chr_file rw_file_perms; diff --git a/sepolicy/device.te b/sepolicy/device.te new file mode 100644 index 0000000..f29322b --- /dev/null +++ b/sepolicy/device.te @@ -0,0 +1,2 @@ +# GPU (used by most UI apps) +type gpu_device, dev_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts new file mode 100644 index 0000000..49aff48 --- /dev/null +++ b/sepolicy/file_contexts @@ -0,0 +1,2 @@ +# GPU device +/dev/kgsl-3d0 u:object_r:gpu_device:s0 |