sepolicy: minigbm_msm: fix vendor.minigbm.debug prop access denials am: 4746684811 am: e6ebfb6e97 am: 2352d0e529 am: f43930e007
Original change: https://android-review.googlesource.com/c/device/linaro/dragonboard/+/2752086
Change-Id: I9dcc743751b4a303b5002176f9de24020175998a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te
index b486932..fef3164 100644
--- a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te
+++ b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te
@@ -1,2 +1,33 @@
vendor_public_prop(vendor_minigbm_debug_prop)
set_prop(vendor_init, vendor_minigbm_debug_prop)
+
+#
+# audit2allow
+#
+
+#============= bootanim ==============
+allow bootanim vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= hal_graphics_allocator_default ==============
+allow hal_graphics_allocator_default vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= hal_graphics_composer_default ==============
+allow hal_graphics_composer_default vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= platform_app ==============
+allow platform_app vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= priv_app ==============
+allow priv_app vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= surfaceflinger ==============
+allow surfaceflinger vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= system_app ==============
+allow system_app vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= system_server ==============
+allow system_server vendor_minigbm_debug_prop:file { getattr map open read };
+
+#============= untrusted_app_xx ==============
+allow appdomain -isolated_app_all vendor_minigbm_debug_prop:file { getattr map open read };
diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros b/shared/graphics/minigbm_msm/sepolicy/minigbm_macros
deleted file mode 100644
index a2b0523..0000000
--- a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros
+++ /dev/null
@@ -1,6 +0,0 @@
-#####################################
-# minigbm_access(client_domain)
-# Allow client_domain to communicate with the minigbm lib
-define(`minigbm_access', `
-allow $1 vendor_minigbm_debug_prop:file { getattr map open read };
-')