From ccc8271aba19327dbf61f3d4234cdd250594a221 Mon Sep 17 00:00:00 2001
From: William Roberts <w.roberts@sta.samsung.com>
Date: Wed, 12 Sep 2012 14:42:11 -0700
Subject: [PATCH] Allow domain access to /dev/ion

Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252
---
 domain.te      | 3 +++
 mediaserver.te | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 6be7dddf4..47ad05a3a 100644
--- a/domain.te
+++ b/domain.te
@@ -83,6 +83,9 @@ allow domain cache_file:lnk_file read;
 allow domain cgroup:dir { search write };
 allow domain cgroup:file w_file_perms;
 
+#Allow access to ion memory allocation device
+allow domain ion_device:chr_file rw_file_perms;
+
 # For /sys/qemu_trace files in the emulator.
 bool in_qemu false;
 if (in_qemu) {
diff --git a/mediaserver.te b/mediaserver.te
index e124db052..4b299a025 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -25,7 +25,6 @@ allow mediaserver qemu_device:chr_file rw_file_perms;
 allow mediaserver sysfs:file rw_file_perms;
 # XXX Why?
 allow mediaserver apk_data_file:file { read getattr };
-allow mediaserver ion_device:chr_file rw_file_perms;
 
 # To use remote processor
 allow mediaserver rpmsg_device:chr_file rw_file_perms;
-- 
GitLab