author | dianlujitao <dianlujitao@lineageos.org> | 2022-03-20 19:17:05 -0300 |
---|---|---|
committer | sinanmohd <pcmsinan@gmail.com> | 2023-01-05 21:30:23 +0530 |
commit | 2c11d61122273443086a02b0b0fda9638e677bfc (patch) | |
tree | 00982ee09ab793899e874d1eabef13af01d9d2db /sepolicy/vendor | |
parent | f84b614229fb517e286de6e72c869a7ef24d8d64 (diff) |
veux: sepolicy: Make fastrpc_shell_3 publicly available
* Used by GCAM for DSP-accelerated HDR processing
* Arguably we should label /vendor/dsp/cdsp/fastrpc_shell_3 to
same_process_hal_file like Pixels, but the partition is prebuilt thus
we're unable to relabel it.
* Copy the file to writable tmpfs, set up attributes and bind mount back
to work around the limitation.
[ghostrider-reborn]:
Allow adsp/cdsprpcd and neuralnetworks HAL to access fastrpc_shell_3
[kras edit:
1. rename some contexts as per qva/kona
2. extend to allow camera HAL and VPP service to access it as well]
Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
Diffstat (limited to 'sepolicy/vendor')
-rw-r--r-- | sepolicy/vendor/adsprpcd.te | 3 | ||||
-rw-r--r-- | sepolicy/vendor/app.te | 3 | ||||
-rw-r--r-- | sepolicy/vendor/cdsprpcd.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/file_contexts | 5 | ||||
-rw-r--r-- | sepolicy/vendor/hal_camera_default.te | 2 | ||||
-rw-r--r-- | sepolicy/vendor/hal_neuralnetworks_default.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/init.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/vppservice.te | 1 |
8 files changed, 17 insertions, 0 deletions
diff --git a/sepolicy/vendor/adsprpcd.te b/sepolicy/vendor/adsprpcd.te
index 58fe3e7..d5efe9f 100644
--- a/sepolicy/vendor/adsprpcd.te
+++ b/sepolicy/vendor/adsprpcd.te
@@ -1 +1,4 @@
+type public_adsprpcd_file, file_type;
+
+r_dir_file(vendor_adsprpcd, public_adsprpcd_file)
 r_dir_file(vendor_adsprpcd, vendor_sysfs_graphics)
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index 60325ab..b70be61 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1 +1,4 @@
+allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
+allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
+
 get_prop({ appdomain -isolated_app }, vendor_mlipay_prop)
diff --git a/sepolicy/vendor/cdsprpcd.te b/sepolicy/vendor/cdsprpcd.te
new file mode 100644
index 0000000..36612a5
--- /dev/null
+++ b/sepolicy/vendor/cdsprpcd.te
@@ -0,0 +1 @@
+r_dir_file(vendor_cdsprpcd, public_adsprpcd_file)
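Review bot: In sepolicy/vendor/adsprpcd.te the new `r_dir_file(vendor_adsprpcd, public_adsprpcd_file)` grants more than the change needs: the macro also allows directory and symlink reads on the type, yet the only object this commit labels `public_adsprpcd_file` is one regular file in file_contexts. A plain `allow vendor_adsprpcd public_adsprpcd_file:file r_file_perms;` would match the rule this commit already uses for `hal_camera_default` and keep the type file-only. The same applies to the one-line hunks in cdsprpcd.te, hal_neuralnetworks_default.te and vppservice.te. The `type public_adsprpcd_file, file_type;` declaration would also benefit from a comment such as `# tmpfs copy of fastrpc_shell_3, readable by apps; never grant write`, since the other files in this commit depend on it.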
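Review bot: In sepolicy/vendor/app.te the directory rule is wider than the file rule beside it: `adsprpcd_file:dir r_dir_perms` lets every app domain except `isolated_app` list directories carrying the existing `adsprpcd_file` type, while only one file is meant to be public. If apps open the shell by its fixed path, traversal is enough: `allow { appdomain -isolated_app } adsprpcd_file:dir search;`. Whether the FastRPC client library enumerates the directory is not visible here, so this should be checked on a device before narrowing. The commit message names GCAM as the consumer; a comment above the two rules saying why all apps receive the grant would help the next policy audit.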
\ No newline at end of file
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 7afaa3a..7475fab 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -15,6 +15,11 @@
 # Camera
 /mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0
 
+# Hexagon DSP-side executable needed for Halide operation
+# This is labeled as public_adsprpcd_file as it needs to be read by apps
+# (e.g. Google Camera App)
+/mnt/vendor/dsp/fastrpc_shell_3 u:object_r:public_adsprpcd_file:s0
+
 # Fingerprint
 /dev/goodix_fp u:object_r:vendor_fingerprint_device:s0
 /dev/silead_fp u:object_r:vendor_fingerprint_device:s0
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index d97b6ee..cbca59c 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,2 +1,4 @@
 r_dir_file(hal_camera_default, camera_persist_file)
 set_prop(hal_camera_default, vendor_camera_sensor_prop)
+
+allow hal_camera_default public_adsprpcd_file:file r_file_perms;
diff --git a/sepolicy/vendor/hal_neuralnetworks_default.te b/sepolicy/vendor/hal_neuralnetworks_default.te
new file mode 100644
index 0000000..97582e9
--- /dev/null
+++ b/sepolicy/vendor/hal_neuralnetworks_default.te
@@ -0,0 +1 @@
+r_dir_file(vendor_hal_neuralnetworks_default, public_adsprpcd_file)
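Review bot: The new sepolicy/vendor/file_contexts entry labels only `/mnt/vendor/dsp/fastrpc_shell_3`; the parent directory `/mnt/vendor/dsp` gets no entry in this hunk, so its label, and therefore who may create or replace entries in it, is left to whatever the tmpfs mount provides. Because the commit message says this DSP-side executable is copied onto writable tmpfs and then exposed to apps, the policy should state that only the setup step may modify it, for example `neverallow { domain -init } public_adsprpcd_file:file { write append create unlink rename };`, with the exemption set to whichever domain actually performs the copy. It is also worth confirming that the copy step runs `restorecon` on the file, since a file_contexts entry does not by itself label tmpfs contents; that script is outside this diff.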
\ No newline at end of file
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
new file mode 100644
index 0000000..5be36d2
--- /dev/null
+++ b/sepolicy/vendor/init.te
@@ -0,0 +1 @@
+allow init adsprpcd_file:file mounton;
\ No newline at end of file
diff --git a/sepolicy/vendor/vppservice.te b/sepolicy/vendor/vppservice.te
new file mode 100644
index 0000000..1870236
--- /dev/null
+++ b/sepolicy/vendor/vppservice.te
@@ -0,0 +1 @@
+r_dir_file(vendor_vppservice, public_adsprpcd_file)
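Review bot: In sepolicy/vendor/init.te, `allow init adsprpcd_file:file mounton;` lets init bind-mount over any file labelled `adsprpcd_file`, not just the one shell binary, and the rule carries no explanation. SELinux type enforcement cannot narrow this by path, so the intent should at least be recorded next to the rule: `# Bind-mount the relabeled tmpfs copy of fastrpc_shell_3 over the prebuilt vendor file`. The new file also ends without a trailing newline, as do cdsprpcd.te, hal_neuralnetworks_default.te and vppservice.te.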
\ No newline at end of file |