From 7004789de39c1e712169ac6d4c98bdbe43dcce6e Mon Sep 17 00:00:00 2001
From: Greg Hackmann <ghackmann@google.com>
Date: Tue, 6 May 2014 15:42:18 -0700
Subject: [PATCH] Add policies for Atomic Display Framework

ADF is a modern replacement for fbdev.

ADF's device nodes (/dev/adf[X]), interface nodes
(/dev/adf-interface[X].[Y]), and overlay engine nodes
(/dev/adf-overlay-engine[X].[Y]) are collectively used in similar
contexts as fbdev nodes.  Vendor HW composers (via SurfaceFlinger) and
healthd will need to send R/W ioctls to these nodes to prepare and
update the display.

Ordinary apps should not talk to ADF directly.

Change-Id: Ic0a76b1e82c0cc1e8f240f219928af1783e79343
Signed-off-by: Greg Hackmann <ghackmann@google.com>
---
 app.te            | 6 ++++--
 device.te         | 1 +
 file_contexts     | 3 +++
 healthd.te        | 1 +
 surfaceflinger.te | 3 +++
 5 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/app.te b/app.te
index 81c6a5343..fb2fb6dd9 100644
--- a/app.te
+++ b/app.te
@@ -191,8 +191,10 @@ neverallow { appdomain -unconfineddomain } {
 }:chr_file { read write };
 
 # Note: Try expanding list of app domains in the future.
-neverallow { untrusted_app isolated_app shell -unconfineddomain }
-    graphics_device:chr_file { read write };
+neverallow { untrusted_app isolated_app shell -unconfineddomain } {
+    adf_device
+    graphics_device
+}:chr_file { read write };
 
 neverallow { appdomain -nfc -unconfineddomain } nfc_device:chr_file
     { read write };
diff --git a/device.te b/device.te
index e9b7e515a..bf7b2e7d2 100644
--- a/device.te
+++ b/device.te
@@ -2,6 +2,7 @@
 type device, dev_type, fs_type;
 type alarm_device, dev_type, mlstrustedobject;
 type adb_device, dev_type;
+type adf_device, dev_type;
 type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
diff --git a/file_contexts b/file_contexts
index b4ec8e833..ce2639059 100644
--- a/file_contexts
+++ b/file_contexts
@@ -31,6 +31,9 @@
 /dev(/.*)?		u:object_r:device:s0
 /dev/akm8973.*		u:object_r:sensors_device:s0
 /dev/accelerometer	u:object_r:sensors_device:s0
+/dev/adf[0-9]*		u:object_r:adf_device:s0
+/dev/adf-interface[0-9]*\.[0-9]*	u:object_r:adf_device:s0
+/dev/adf-overlay-engine[0-9]*\.[0-9]*	u:object_r:adf_device:s0
 /dev/alarm		u:object_r:alarm_device:s0
 /dev/android_adb.*	u:object_r:adb_device:s0
 /dev/ashmem		u:object_r:ashmem_device:s0
diff --git a/healthd.te b/healthd.te
index cfdb756a7..224090edf 100644
--- a/healthd.te
+++ b/healthd.te
@@ -23,6 +23,7 @@ allow healthd sysfs:file write;
 ### healthd: charger mode
 ###
 
+allow healthd adf_device:chr_file rw_file_perms;
 allow healthd graphics_device:dir r_dir_perms;
 allow healthd graphics_device:chr_file rw_file_perms;
 allow healthd input_device:dir r_dir_perms;
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 1fc18dbf2..3be2c1b12 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -30,6 +30,9 @@ allow surfaceflinger gpu_device:chr_file rw_file_perms;
 allow surfaceflinger graphics_device:dir search;
 allow surfaceflinger graphics_device:chr_file rw_file_perms;
 
+# Access ADF device nodes.
+allow surfaceflinger adf_device:chr_file rw_file_perms;
+
 # Access /dev/video1.
 allow surfaceflinger video_device:dir r_dir_perms;
 allow surfaceflinger video_device:chr_file rw_file_perms;
-- 
GitLab