1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
allow surfaceflinger sysfs_graphics:file rw_file_perms;
allow surfaceflinger sysfs:file w_file_perms;
# Allow reading/writing to 'persist/display/*'
allow surfaceflinger persist_display_file:dir rw_dir_perms;
allow surfaceflinger persist_display_file:file create_file_perms;
# Allow only directory search to '/persist'
allow surfaceflinger persist_file:dir search;
allow surfaceflinger sysfs:file write;
# Use open file provided by poweroffhandler
binder_call(surfaceflinger, poweroffhandler);
binder_call(surfaceflinger, location)
binder_call(surfaceflinger, tee)
# access to perflock
allow surfaceflinger mpctl_socket:dir r_dir_perms;
unix_socket_send(surfaceflinger, mpctl, perfd)
unix_socket_connect(surfaceflinger, mpctl, perfd)
unix_socket_send(surfaceflinger, mpctl, mpdecision)
unix_socket_connect(surfaceflinger, mpctl, mpdecision)
# access to /data/misc/display for dumping input frames
allow surfaceflinger display_misc_file:dir create_dir_perms;
allow surfaceflinger display_misc_file:file create_file_perms;
# Allows access to dpps daemon in calibration mode
unix_socket_connect(surfaceflinger, pps, mm-pp-daemon)
r_dir_file(surfaceflinger, firmware_file)
#Allow access to fastmmi
binder_call(surfaceflinger, mmi)
#Allow access to cameraserver service
allow surfaceflinger cameraserver_service:service_manager find;
#diag
userdebug_or_eng(`
diag_use(surfaceflinger)
')
|