From f30a82efe21a76663ed45045e3721429ef7980c4 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Fri, 19 May 2017 14:10:41 -0700
Subject: [PATCH] Fix graphics composer denial.

Right now, the hwcomposer hidl hal is unable to figure out where
to get the hidl mapper implementation.

It is expected that all graphics composer objects will need this
permission. The interfaces are written to work together with the
"IMapper" being the same-process ("sphal") component and the
"IComposer" interface being the binderized component.

10-09 00:24:38.900   457   457 E SELinux : avc:  denied  { find } for
interface=android.hardware.graphics.mapper::IMapper pid=495
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager

Test: boot marlin, denial no longer present.
Bug: 38415912
Change-Id: I1b274be10e115fa7b53fb81e85be8827da05997e
---
 public/hal_graphics_composer.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/hal_graphics_composer.te b/public/hal_graphics_composer.te
index 2d8483d3c..287037c6e 100644
--- a/public/hal_graphics_composer.te
+++ b/public/hal_graphics_composer.te
@@ -5,6 +5,9 @@ binder_call(hal_graphics_composer_server, hal_graphics_composer_client)
 add_hwservice(hal_graphics_composer_server, hal_graphics_composer_hwservice)
 allow hal_graphics_composer_client hal_graphics_composer_hwservice:hwservice_manager find;
 
+# Coordinate with hal_graphics_mapper
+allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;
+
 # GPU device access
 allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
 allow hal_graphics_composer ion_device:chr_file r_file_perms;
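Review bot: The comment above the new allow rule, "# Coordinate with hal_graphics_mapper", does not record why the composer server needs `find` on hal_graphics_mapper_hwservice, and that reasoning currently lives only in the commit message. Suggest spelling it out in the policy file, for example "# IMapper is a same-process (sphal) HAL; the composer server looks it up via hwservice_manager", so a later reader can see that `find` alone is intended here and that no binder_call rule toward the mapper is expected. Note also that the rule is granted to the hal_graphics_composer_server attribute in public policy, which is wider than the single hal_graphics_composer_default domain named in the quoted denial. The commit message says every composer implementation needs this, so the scope looks deliberate, but the comment should state that as well.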
-- 
GitLab