whitechapel_pro/hal_graphics_composer_default.te - device/google/gs201-sepolicy - Git at Google

 # allow HWC to access power hal
 hal_client_domain(hal_graphics_composer_default, hal_power)

 hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)

 # allow HWC to access vendor_displaycolor_service
 add_service(hal_graphics_composer_default, vendor_displaycolor_service)

 add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)

 add_service(hal_graphics_composer_default, hal_pixel_display_service)

 # access sysfs R/W
 allow hal_graphics_composer_default sysfs_display:dir search;
 allow hal_graphics_composer_default sysfs_display:file rw_file_perms;

 userdebug_or_eng(`
 # allow HWC to access vendor log file
     allow hal_graphics_composer_default vendor_log_file:dir create_dir_perms;
     allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
 # For HWC/libdisplaycolor to generate calibration file.
     allow hal_graphics_composer_default persist_display_file:file create_file_perms;
     allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
 ')

 # allow HWC/libdisplaycolor to read calibration data
 allow hal_graphics_composer_default mnt_vendor_file:dir search;
 allow hal_graphics_composer_default persist_file:dir search;
 allow hal_graphics_composer_default persist_display_file:file r_file_perms;
 allow hal_graphics_composer_default persist_display_file:dir search;

 # allow HWC to r/w backlight
 allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
 allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;

 # allow HWC to get vendor_persist_sys_default_prop
 get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop)

 # allow HWC to get/set vendor_display_prop
 set_prop(hal_graphics_composer_default, vendor_display_prop)

 # boot stauts prop
 get_prop(hal_graphics_composer_default, boot_status_prop);

 # allow HWC to output to dumpstate via pipe fd
 allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
 allow hal_graphics_composer_default hal_dumpstate_default:fd use;

 # socket / vnd service
 allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 vndbinder_use(hal_graphics_composer_default)

 # allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
 get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)

 # allow HWC to write log file
 allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
 allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;
	# allow HWC to access power hal
	hal_client_domain(hal_graphics_composer_default, hal_power)

	hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)

	# allow HWC to access vendor_displaycolor_service
	add_service(hal_graphics_composer_default, vendor_displaycolor_service)

	add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)

	add_service(hal_graphics_composer_default, hal_pixel_display_service)

	# access sysfs R/W
	allow hal_graphics_composer_default sysfs_display:dir search;
	allow hal_graphics_composer_default sysfs_display:file rw_file_perms;

	userdebug_or_eng(`
	# allow HWC to access vendor log file
	allow hal_graphics_composer_default vendor_log_file:dir create_dir_perms;
	allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
	# For HWC/libdisplaycolor to generate calibration file.
	allow hal_graphics_composer_default persist_display_file:file create_file_perms;
	allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
	')

	# allow HWC/libdisplaycolor to read calibration data
	allow hal_graphics_composer_default mnt_vendor_file:dir search;
	allow hal_graphics_composer_default persist_file:dir search;
	allow hal_graphics_composer_default persist_display_file:file r_file_perms;
	allow hal_graphics_composer_default persist_display_file:dir search;

	# allow HWC to r/w backlight
	allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
	allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;

	# allow HWC to get vendor_persist_sys_default_prop
	get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop)

	# allow HWC to get/set vendor_display_prop
	set_prop(hal_graphics_composer_default, vendor_display_prop)

	# boot stauts prop
	get_prop(hal_graphics_composer_default, boot_status_prop);

	# allow HWC to output to dumpstate via pipe fd
	allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
	allow hal_graphics_composer_default hal_dumpstate_default:fd use;

	# socket / vnd service
	allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
	vndbinder_use(hal_graphics_composer_default)

	# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
	get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)

	# allow HWC to write log file
	allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
	allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;