HiKey/HiKey960: Fix up new dmabuf_system_heap_device sepolicy fallout

Hridya recently got some patches merged to add new default sepolicy
for the dmabuf_system_heap_device (/dev/dma_heap/system).

However, since HiKey960 already had its own policy for
/dev/dma_heap/system, this causes conflicts which break gralloc
as well as future system use of the dmabuf heaps.

So refactor the policy to avoid relabeling the system heap, or
labeling the /dev/dma_heap/ directory. Also add permissions for
gralloc to access the new dmabuf_system_heap_device, and take
care to open the dmabuf heaps as READONLY, as RW isn't necessary
and the policy limits access to RO.

Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I574f9231f1d04f3b36b4f75145f2e698b9009508
diff --git a/gralloc/alloc_device.cpp b/gralloc/alloc_device.cpp
index 95b1a43..f458a62 100644
--- a/gralloc/alloc_device.cpp
+++ b/gralloc/alloc_device.cpp
@@ -147,7 +147,7 @@
 		return ret;
 	}
 
-	fd = open(buf, O_RDWR);
+	fd = open(buf, O_RDONLY);
 	if (fd < 0)
 		AERR("open %s failed!\n", buf);
 	return fd;
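Review bot: The new `open(buf, O_RDONLY)` does not set O_CLOEXEC, so the heap descriptor would be inherited by any child the allocator process execs; `fd = open(buf, O_RDONLY | O_CLOEXEC);` closes that gap. The failure log also drops the reason, and now that the access mode is tied to sepolicy, a permission denial is a likely failure to diagnose: `AERR("open %s failed: %s\n", buf, strerror(errno));` (assuming the errno and string headers are already included in this file). A one-line comment such as `/* read-only is sufficient for the heap and is all the sepolicy grants */` would stop a later change from reverting to O_RDWR. The same points apply to the identical hunk in gralloc960/mali_gralloc_ion.cpp; the enclosing function starts outside both hunks.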
diff --git a/gralloc960/mali_gralloc_ion.cpp b/gralloc960/mali_gralloc_ion.cpp
index d688de1..c40dc7b 100644
--- a/gralloc960/mali_gralloc_ion.cpp
+++ b/gralloc960/mali_gralloc_ion.cpp
@@ -171,7 +171,7 @@
 		return ret;
 	}
 
-	fd = open(buf, O_RDWR);
+	fd = open(buf, O_RDONLY);
 	if (fd < 0)
 		AERR("open %s failed!\n", buf);
 	return fd;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 927ec77..350c678 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -13,7 +13,7 @@
 /dev/hifi_misc         u:object_r:audio_device:s0
 /dev/hi_vdec	       u:object_r:video_device:s0
 /dev/hi_venc	       u:object_r:video_device:s0
-/dev/dma_heap(/.*)? u:object_r:graphics_device:s0
+/dev/dma_heap/linux,cma u:object_r:graphics_device:s0
 /dev/graphics/fb0      u:object_r:graphics_device:s0
 
 # files in /vendor
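Review bot: `/dev/dma_heap/linux,cma` keeps the broad `graphics_device` label it shares with `/dev/graphics/fb0`, so every domain that is allowed `graphics_device:chr_file` access can also open the CMA heap. The ueventd.common.rc section of this commit leaves that node at mode 0666, which makes the SELinux label the only effective access control on it. A dedicated type, for example `/dev/dma_heap/linux,cma u:object_r:<vendor_cma_heap_device>:s0` (placeholder type name), paired with an `r_file_perms` rule for the allocator, would keep the heap least-privilege and match the read-only open the commit introduces.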
diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te
index b17dc7d..833e957 100644
--- a/sepolicy/hal_graphics_allocator_default.te
+++ b/sepolicy/hal_graphics_allocator_default.te
@@ -1,2 +1,3 @@
 allow hal_graphics_allocator_default graphics_device:dir search;
 allow hal_graphics_allocator_default graphics_device:chr_file { open read write ioctl map rw_file_perms};
+allow hal_graphics_allocator_default dmabuf_system_heap_device:chr_file r_file_perms;
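Review bot: The added rule covers only the `chr_file` node, and nothing in this section grants `search` on whatever label the `/dev/dma_heap` directory now receives. The commit stops labelling that directory as `graphics_device`, so the existing `graphics_device:dir search` rule no longer applies to it. If the platform policy does not already grant directory search to this domain, the open would be denied, so this is worth confirming against the platform sepolicy. A comment above the new line, such as `# gralloc opens /dev/dma_heap/system read-only to allocate buffers`, would record why the rule is `r_file_perms` and not the wider set used for `graphics_device`.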
diff --git a/ueventd.common.rc b/ueventd.common.rc
index 7f37c25..8065263 100644
--- a/ueventd.common.rc
+++ b/ueventd.common.rc
@@ -1,9 +1,5 @@
 modalias_handling enabled
 
-subsystem dma_heap
-    devname uevent_devpath
-    dirname /dev/dma_heap
-
 subsystem usbmisc
     devname uevent_devname
 
@@ -18,7 +14,6 @@
 /dev/hi_vdec     0660 system camera
 /dev/hi_venc     0660 system camera
 /dev/ion	 0666 system graphics
-/dev/dma_heap/system	0666 system graphics
 /dev/dma_heap/linux,cma	0666 system graphics
 /dev/graphics/fb0	0666 system graphics