db845c: Switch gralloc to use gralloc.minigbm_msm instead of gralloc_gbm

Instead of carying our own copy of gralloc_gbm, try to utilize
the minigbm gralloc as it implements gralloc4

Change-Id: I628ff76d3ef7cf441b122bc6f2e49f662b0c7ed5
Signed-off-by: John Stultz <john.stultz@linaro.org>
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 6f3906d..6bc4965 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -38,6 +38,7 @@
 /system/bin/tinymix									u:object_r:tinymix_exec:s0
 
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.software			u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.graphics\.allocator@4\.0-service\.minigbm_msm		u:object_r:hal_graphics_allocator_default_exec:s0
 /vendor/bin/pd-mapper									u:object_r:pd_mapper_exec:s0
 /vendor/bin/qrtr-cfg									u:object_r:qrtr_exec:s0
 /vendor/bin/qrtr-ns									u:object_r:qrtr_exec:s0
@@ -48,8 +49,11 @@
 /vendor/lib(64)?/dri/.*									u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/gralloc\.gbm\.so							u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/android\.hardware\.health@2\.0-impl-2\.1-cuttlefish\.so		u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/gralloc\.minigbm_msm\.so						u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl\.minigbm_msm\.so	u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libdrm\.so								u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libdrm_freedreno\.so							u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libgbm_mesa\.so							u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libglapi\.so								u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libminigbm_gralloc_msm\.so						u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libqrtr\.so								u:object_r:same_process_hal_file:s0
diff --git a/sepolicy/hal_graphics_composer.te b/sepolicy/hal_graphics_composer.te
index 40dbe25..cc45ebf 100644
--- a/sepolicy/hal_graphics_composer.te
+++ b/sepolicy/hal_graphics_composer.te
@@ -1 +1,3 @@
+allow hal_graphics_composer_server hal_graphics_allocator_default_tmpfs:file read;
+
 gpu_access(hal_graphics_composer_server)
diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te
index 9c310f6..56e03aa 100644
--- a/sepolicy/hal_graphics_composer_default.te
+++ b/sepolicy/hal_graphics_composer_default.te
@@ -1,3 +1,8 @@
+hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
 vndbinder_use(hal_graphics_composer_default)
 
 allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { bind create read };
+
+# Suppress warnings for drm_hwcomposer trying to read some vendor.hwc.*
+# properties as dragonboard never configures these properties.
+dontaudit hal_graphics_composer_default default_prop:file read;
diff --git a/sepolicy/te_macros b/sepolicy/te_macros
index 3123f6b..a50bec1 100644
--- a/sepolicy/te_macros
+++ b/sepolicy/te_macros
@@ -4,6 +4,7 @@
 define(`gpu_access', `
 allow $1 dri_device:dir { open read search };
 allow $1 sysfs_gpu:dir search;
+allow $1 gpu_device:chr_file { getattr ioctl map open read write };
+allow $1 graphics_device:chr_file { getattr };
 allow $1 sysfs_gpu:file { getattr open read };
-dontaudit $1 graphics_device:chr_file getattr;
 ')