Give the DMA-BUF CMA heap its own label
Currently, it is labelled as graphics_device. This patch
creates a new type for it with attribute dmabuf_heap_device_type.
Test: build
Change-Id: I8456b28f6b3a6eb202431926163c70c66d22347c
diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te
index 833e957..7f2b36b 100644
--- a/sepolicy/hal_graphics_allocator_default.te
+++ b/sepolicy/hal_graphics_allocator_default.te
@@ -1,3 +1,6 @@
+type dmabuf_cma_heap_device, dmabuf_heap_device_type, dev_type;
+
allow hal_graphics_allocator_default graphics_device:dir search;
allow hal_graphics_allocator_default graphics_device:chr_file { open read write ioctl map rw_file_perms};
allow hal_graphics_allocator_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default dmabuf_cma_heap_device:chr_file r_file_perms;