diff options
| author | dianlujitao <dianlujitao@lineageos.org> | 2020-05-07 00:10:55 +0800 |
|---|---|---|
| committer | dianlujitao <dianlujitao@lineageos.org> | 2020-05-10 05:28:24 +0200 |
| commit | 59f88dbaf33b347692b95922bb4380ac432a5cb4 (patch) | |
| tree | ed86aa43539af0b95f6788396a37bb8a2491f4c0 /sepolicy/vendor | |
| parent | 6ba610dea3067f2da234a8d25d0c18f275faadc8 (diff) | |
sdm660-common: Make fastrpc_shell_3 publicly available
* Used by GCAM for DSP-accelerated HDR processing
* Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to
same_process_hal_file like Pixels, but the partition is prebuilt thus
we're unable to relabel it.
* Copy the file to writable tmpfs, setup attributes and bind mount back
to workaround the limitation.
Change-Id: Ide90e5c7307d413db5ece736e859559f06679545
Diffstat (limited to 'sepolicy/vendor')
| -rw-r--r-- | sepolicy/vendor/app.te | 3 | ||||
| -rw-r--r-- | sepolicy/vendor/file.te | 3 | ||||
| -rw-r--r-- | sepolicy/vendor/file_contexts | 5 | ||||
| -rw-r--r-- | sepolicy/vendor/vendor_init.te | 2 |
4 files changed, 12 insertions, 1 deletions
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te index 511cc3f..971d3fa 100644 --- a/sepolicy/vendor/app.te +++ b/sepolicy/vendor/app.te @@ -1,2 +1,5 @@ get_prop({ appdomain -isolated_app }, hal_fingerprint_prop) get_prop({ appdomain -isolated_app }, mlipay_prop) + +allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms; +allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms; diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index f2e1ab4..6e4d3e4 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -1,4 +1,5 @@ type ir_dev_file, file_type; -type sysfs_touchpanel, fs_type, sysfs_type; +type public_adsprpcd_file, file_type; type sysfs_fingerprint, fs_type, sysfs_type; +type sysfs_touchpanel, fs_type, sysfs_type; type thermal_data_file, file_type, data_file_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 616afd3..164e75b 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -12,6 +12,11 @@ /firmware u:object_r:firmware_file:s0 /bt_firmware u:object_r:bt_firmware_file:s0 +# Hexagon DSP-side executable needed for Halide operation +# This is labeled as public_adsprpcd_file as it needs to be read by apps +# (e.g. Google Camera App) +/mnt/vendor/dsp/fastrpc_shell_3 u:object_r:public_adsprpcd_file:s0 + # IR /dev/lirc0 u:object_r:spidev_device:s0 /dev/spidev7.1 u:object_r:spidev_device:s0 diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index 466bd1d..9138eaa 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -5,5 +5,7 @@ allow vendor_init { tombstone_data_file }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; +allow init adsprpcd_file:file mounton; + set_prop(vendor_init, freq_prop) set_prop(vendor_init, camera_prop) |