diff options
| author | Ji-Hwan Lee <jihwan@google.com> | 2014-05-19 20:43:23 +0900 |
|---|---|---|
| committer | Ji-Hwan Lee <jihwan@google.com> | 2014-05-19 20:49:17 +0900 |
| commit | 93e450767f6c4332f163e6c0886b0e435552a61d (patch) | |
| tree | cf4caf21fb9674caae6ac3a3ad1fdfb5140f6c9e | |
| parent | c89e1826bab7ec31dabc95453faef8e7bf4c462c (diff) | |
| download | build-93e450767f6c4332f163e6c0886b0e435552a61d.tar.gz | |
Allow qemu_device read-write access to various processes
Basically, allow access of qemu_device where gpu_device is allowed, for the
case when the emulator runs with OpenGL/ES emulation. Most noticably,
surfaceflinger crashes without qemu_device access.
Bug: 15052949
Change-Id: Ib891365a6d503309bced64e2512c4d8f29d9a07e
| -rw-r--r-- | target/board/generic/BoardConfig.mk | 4 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/app.te | 1 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/bootanim.te | 1 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/surfaceflinger.te | 1 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/zygote.te | 1 | ||||
| -rw-r--r-- | target/board/generic_x86/BoardConfig.mk | 3 | ||||
| -rw-r--r-- | target/board/generic_x86/sepolicy/app.te | 1 | ||||
| -rw-r--r-- | target/board/generic_x86/sepolicy/bootanim.te | 1 | ||||
| -rw-r--r-- | target/board/generic_x86/sepolicy/surfaceflinger.te | 1 | ||||
| -rw-r--r-- | target/board/generic_x86/sepolicy/zygote.te | 1 |
10 files changed, 14 insertions, 1 deletions
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk index c30cc75862..6d58b1c86b 100644 --- a/target/board/generic/BoardConfig.mk +++ b/target/board/generic/BoardConfig.mk @@ -78,6 +78,7 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy BOARD_SEPOLICY_UNION += \ adbd.te \ + app.te \ bootanim.te \ device.te \ domain.te \ @@ -88,4 +89,5 @@ BOARD_SEPOLICY_UNION += \ rild.te \ shell.te \ surfaceflinger.te \ - system_server.te + system_server.te \ + zygote.te diff --git a/target/board/generic/sepolicy/app.te b/target/board/generic/sepolicy/app.te new file mode 100644 index 0000000000..fd33453e6c --- /dev/null +++ b/target/board/generic/sepolicy/app.te @@ -0,0 +1 @@ +allow appdomain qemu_device:chr_file rw_file_perms; diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te index d6506e11dd..a5a84f9fbb 100644 --- a/target/board/generic/sepolicy/bootanim.te +++ b/target/board/generic/sepolicy/bootanim.te @@ -1,2 +1,3 @@ allow bootanim self:process execmem; allow bootanim ashmem_device:chr_file execute; +allow bootanim qemu_device:chr_file rw_file_perms; diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te index 4c354697ab..671278919d 100644 --- a/target/board/generic/sepolicy/surfaceflinger.te +++ b/target/board/generic/sepolicy/surfaceflinger.te @@ -1,2 +1,3 @@ allow surfaceflinger self:process execmem; allow surfaceflinger ashmem_device:chr_file execute; +allow surfaceflinger qemu_device:chr_file rw_file_perms; diff --git a/target/board/generic/sepolicy/zygote.te b/target/board/generic/sepolicy/zygote.te new file mode 100644 index 0000000000..a5da574060 --- /dev/null +++ b/target/board/generic/sepolicy/zygote.te @@ -0,0 +1 @@ +allow zygote qemu_device:chr_file rw_file_perms; diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk index faf8600c9b..727d3db734 100644 --- a/target/board/generic_x86/BoardConfig.mk +++ b/target/board/generic_x86/BoardConfig.mk @@ -44,7 +44,9 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy BOARD_SEPOLICY_UNION += \ + app.te \ adbd.te \ + bootanim.te \ device.te \ domain.te \ file.te \ @@ -55,5 +57,6 @@ BOARD_SEPOLICY_UNION += \ qemud.te \ rild.te \ shell.te \ + surfaceflinger.te \ system_server.te \ zygote.te diff --git a/target/board/generic_x86/sepolicy/app.te b/target/board/generic_x86/sepolicy/app.te new file mode 100644 index 0000000000..fd33453e6c --- /dev/null +++ b/target/board/generic_x86/sepolicy/app.te @@ -0,0 +1 @@ +allow appdomain qemu_device:chr_file rw_file_perms; diff --git a/target/board/generic_x86/sepolicy/bootanim.te b/target/board/generic_x86/sepolicy/bootanim.te new file mode 100644 index 0000000000..762a57387f --- /dev/null +++ b/target/board/generic_x86/sepolicy/bootanim.te @@ -0,0 +1 @@ +allow bootanim qemu_device:chr_file rw_file_perms; diff --git a/target/board/generic_x86/sepolicy/surfaceflinger.te b/target/board/generic_x86/sepolicy/surfaceflinger.te new file mode 100644 index 0000000000..865405ce55 --- /dev/null +++ b/target/board/generic_x86/sepolicy/surfaceflinger.te @@ -0,0 +1 @@ +allow surfaceflinger qemu_device:chr_file rw_file_perms; diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te index 93993a47f1..d34c4a1f9c 100644 --- a/target/board/generic_x86/sepolicy/zygote.te +++ b/target/board/generic_x86/sepolicy/zygote.te @@ -1,2 +1,3 @@ allow zygote self:process execmem; allow zygote self:capability sys_nice; +allow zygote qemu_device:chr_file rw_file_perms; |