commit 47466848112e0895c609f6ac736d81cd361e68a5
author Amit Pundir <amit.pundir@linaro.org> Tue Sep 12 18:55:27 2023 +0530
committer Amit Pundir <amit.pundir@linaro.org> Thu Sep 14 14:57:30 2023 +0530
tree 11cc2e70bf261d7ce5458a7dc5ea52379fbad56c
parent 6749c910f384be6699844b05e3377075632adf54

sepolicy: minigbm_msm: fix vendor.minigbm.debug prop access denials

Change-Id: I2de2fe44f5d105f68eef7353dc6c902a61ff765a
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te

diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te
index b486932..fef3164 100644
--- a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te
+++ b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te
@@ -1,2 +1,33 @@
 vendor_public_prop(vendor_minigbm_debug_prop)
 set_prop(vendor_init, vendor_minigbm_debug_prop)
+
+#
+# audit2allow
+#
+
+#============= bootanim ==============
+allow bootanim vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= hal_graphics_allocator_default ==============
+allow hal_graphics_allocator_default vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= hal_graphics_composer_default ==============
+allow hal_graphics_composer_default vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= platform_app ==============
+allow platform_app vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= priv_app ==============
+allow priv_app vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= surfaceflinger ==============
+allow surfaceflinger vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= system_app ==============
+allow system_app vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= system_server ==============
+allow system_server vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= untrusted_app_xx ==============
+allow appdomain -isolated_app_all vendor_minigbm_debug_prop:file { getattr map open read };

shared/graphics/minigbm_msm/sepolicy/minigbm_macros

diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros b/shared/graphics/minigbm_msm/sepolicy/minigbm_macros
deleted file mode 100644
index a2b0523..0000000
--- a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros
+++ /dev/null
@@ -1,6 +0,0 @@
-#####################################
-# minigbm_access(client_domain)
-# Allow client_domain to communicate with the minigbm lib
-define(`minigbm_access', `
-allow $1 vendor_minigbm_debug_prop:file { getattr map open read };
-')