am e7e54fac: Revert "Revert "Split some device nodes out from device.""

* commit 'e7e54fac': Revert "Revert "Split some device nodes out from device.""

am e7e54fac: Revert "Revert "Split some device nodes out from device.""
8b6728bd · Geremy Condra · Android Git Automerger · b7cdbba0 · e7e54fac · 8b6728bd
Commit 8b6728bd authored 12 years ago by Geremy Condra Committed by Android Git Automerger 12 years ago
--- a/device.te
+++ b/device.te
@@ -10,6 +10,9 @@ type binder_device, dev_type, mlstrustedobject;
 type block_device, dev_type;
 type camera_device, dev_type;
 type dm_device, dev_type;
+# XXX may be specific for mako
+type dss_device, dev_type;
+type knvmap_device, dev_type;
 type loop_device, dev_type;
 type radio_device, dev_type;
 type ram_device, dev_type;
@@ -20,6 +23,7 @@ type graphics_device, dev_type;
 type input_device, dev_type;
 type kmem_device, dev_type;
 type log_device, dev_type, mlstrustedobject;
+type msm_rotator_device, dev_type;
 type mtd_device, dev_type;
 type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
@@ -27,6 +31,7 @@ type nv_device, dev_type, mlstrustedobject;
 type powervr_device, dev_type, mlstrustedobject;
 type ptmx_device, dev_type, mlstrustedobject;
 type qemu_device, dev_type;
+type sysfs_devices_system_cpu, dev_type;
 type kmsg_device, dev_type;
 type null_device, dev_type, mlstrustedobject;
 type random_device, dev_type;

--- a/file_contexts
+++ b/file_contexts
@@ -46,6 +46,7 @@
 /dev/console		u:object_r:console_device:s0
 /dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
 /dev/device-mapper	u:object_r:dm_device:s0
+/dev/dsscomp        u:object_r:dss_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/full		u:object_r:full_device:s0
 /dev/fuse		u:object_r:fuse_device:s0
@@ -53,12 +54,16 @@
 /dev/input(/.*)		u:object_r:input_device:s0
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
+/dev/kgsl-3d0       u:object_r:graphics_device:s0
 /dev/kmem		u:object_r:kmem_device:s0
+/dev/knvmap     u:object_r:knvmap_device:s0
 /dev/log(/.*)?		u:object_r:log_device:s0
 /dev/mem		u:object_r:kmem_device:s0
 /dev/modem.*		u:object_r:radio_device:s0
 /dev/mpu		u:object_r:gps_device:s0
 /dev/mpuirq		u:object_r:gps_device:s0
+# XXX move to device-specific
+/dev/msm_rotator    u:object_r:msm_rotator_device:s0
 /dev/mtd(/.*)?		u:object_r:mtd_device:s0
 /dev/mtd/mtd5		u:object_r:radio_device:s0
 /dev/mtd/mtd5ro		u:object_r:radio_device:s0

--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -32,3 +32,9 @@ allow surfaceflinger ctl_default_prop:property_service set;
 allow surfaceflinger appdomain:fd use;
 allow surfaceflinger platform_app_data_file:file { read write };
 allow surfaceflinger app_data_file:file { read write };
+# Allow access to special-purpose devices
+# XXX may be device-specific
+allow surfaceflinger dss_device:chr_file { read write };
+allow surfaceflinger knvmap_device:chr_file { ioctl };
+allow surfaceflinger msm_rotator_device:chr_file { open };
\ No newline at end of file
--- a/system.te
+++ b/system.te
@@ -122,6 +122,7 @@ selinux_check_access(system)
 # XXX Label sysfs files with a specific type?
 allow system sysfs:file rw_file_perms;
+allow system sysfs_devices_system_cpu:dir search;
 allow system sysfs_nfc_power_writable:file rw_file_perms;
 # Access devices.