Give the DMA-BUF CMA heap its own label
Currently, it is labelled as graphics_device. This patch
creates a new type for it with attribute dmabuf_heap_device_type.
Test: build
Change-Id: I8456b28f6b3a6eb202431926163c70c66d22347c
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index e3add29..6a1f8d3 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -13,7 +13,7 @@
/dev/hifi_misc u:object_r:audio_device:s0
/dev/hi_vdec u:object_r:video_device:s0
/dev/hi_venc u:object_r:video_device:s0
-/dev/dma_heap/linux,cma u:object_r:graphics_device:s0
+/dev/dma_heap/linux,cma u:object_r:dmabuf_cma_heap_device:s0
/dev/graphics/fb0 u:object_r:graphics_device:s0
# files in /vendor
diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te
index 833e957..7f2b36b 100644
--- a/sepolicy/hal_graphics_allocator_default.te
+++ b/sepolicy/hal_graphics_allocator_default.te
@@ -1,3 +1,6 @@
+type dmabuf_cma_heap_device, dmabuf_heap_device_type, dev_type;
+
allow hal_graphics_allocator_default graphics_device:dir search;
allow hal_graphics_allocator_default graphics_device:chr_file { open read write ioctl map rw_file_perms};
allow hal_graphics_allocator_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default dmabuf_cma_heap_device:chr_file r_file_perms;