Split some device nodes out from device.
Some of these will get factored out into device-specific
configs later.
Change-Id: I7ea9c22a666b13bca2d867e5bcc7084ed7129de3
diff --git a/device.te b/device.te
index d55258a..a44b31e 100644
--- a/device.te
+++ b/device.te
@@ -10,6 +10,9 @@
type block_device, dev_type;
type camera_device, dev_type;
type dm_device, dev_type;
+# XXX may be specific for mako
+type dss_device, dev_type;
+type knvmap_device, dev_type;
type loop_device, dev_type;
type radio_device, dev_type;
type ram_device, dev_type;
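Review bot: The `# XXX may be specific for mako` comment does not say which declarations it covers. It sits above both `dss_device` and `knvmap_device`, while `msm_rotator_device` in the next hunk has no marker, even though file_contexts flags its path with `# XXX move to device-specific`. Since the commit message says these types will be factored out later, name them explicitly, e.g. `# XXX device-specific, move to per-device policy: dss_device, knvmap_device, msm_rotator_device`. Whether all three belong to the same device is not visible here and should be confirmed before naming a single board in the comment.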
@@ -20,6 +23,7 @@
type input_device, dev_type;
type kmem_device, dev_type;
type log_device, dev_type, mlstrustedobject;
+type msm_rotator_device, dev_type;
type mtd_device, dev_type;
type mtp_device, dev_type, mlstrustedobject;
type nfc_device, dev_type;
@@ -27,6 +31,7 @@
type powervr_device, dev_type, mlstrustedobject;
type ptmx_device, dev_type, mlstrustedobject;
type qemu_device, dev_type;
+type sysfs_devices_system_cpu, dev_type;
type kmsg_device, dev_type;
type null_device, dev_type, mlstrustedobject;
type random_device, dev_type;
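Review bot: `sysfs_devices_system_cpu` is declared with the `dev_type` attribute, but the only rule in this commit that uses it (`allow system sysfs_devices_system_cpu:dir search;` in system.te) treats it as a sysfs directory, not a device node. With `dev_type` attached, any allow or neverallow rule written against that attribute also applies to this sysfs label, which can widen or block access unintentionally. It would be safer to declare it with whatever attribute the policy uses for its other sysfs labels, such as `sysfs_nfc_power_writable`, whose declaration is not visible here. No file_contexts or genfscon entry assigning the label appears in this diff, so check that the type is actually applied to a path; otherwise the new system.te rule has no effect.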
diff --git a/file_contexts b/file_contexts
index 8906e38..fef8fb2 100644
--- a/file_contexts
+++ b/file_contexts
@@ -46,6 +46,7 @@
/dev/console u:object_r:console_device:s0
/dev/cpuctl(/.*)? u:object_r:cpuctl_device:s0
/dev/device-mapper u:object_r:dm_device:s0
+/dev/dsscomp u:object_r:dss_device:s0
/dev/eac u:object_r:audio_device:s0
/dev/full u:object_r:full_device:s0
/dev/fuse u:object_r:fuse_device:s0
@@ -53,12 +54,16 @@
/dev/input(/.*) u:object_r:input_device:s0
/dev/iio:device[0-9]+ u:object_r:iio_device:s0
/dev/ion u:object_r:ion_device:s0
+/dev/kgsl-3d0 u:object_r:graphics_device:s0
/dev/kmem u:object_r:kmem_device:s0
+/dev/knvmap u:object_r:knvmap_device:s0
/dev/log(/.*)? u:object_r:log_device:s0
/dev/mem u:object_r:kmem_device:s0
/dev/modem.* u:object_r:radio_device:s0
/dev/mpu u:object_r:gps_device:s0
/dev/mpuirq u:object_r:gps_device:s0
+# XXX move to device-specific
+/dev/msm_rotator u:object_r:msm_rotator_device:s0
/dev/mtd(/.*)? u:object_r:mtd_device:s0
/dev/mtd/mtd5 u:object_r:radio_device:s0
/dev/mtd/mtd5ro u:object_r:radio_device:s0
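Review bot: `/dev/kgsl-3d0` is labelled with the existing `graphics_device` type, so every domain that already holds permissions on `graphics_device` gains the same access to this node, whereas `/dev/knvmap` and `/dev/msm_rotator` get dedicated types. If the sharing is intended, a comment on that line would record it, e.g. `# GPU node shares graphics_device; access follows existing graphics_device rules`. Otherwise a dedicated type keeps the grant limited to the domains that need it. The `# XXX move to device-specific` marker sits only above `/dev/msm_rotator`; if `/dev/kgsl-3d0` and `/dev/knvmap` are also hardware-specific they should carry it too.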
diff --git a/surfaceflinger.te b/surfaceflinger.te
index a383ec1..3a4b4b7 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -32,3 +32,9 @@
allow surfaceflinger appdomain:fd use;
allow surfaceflinger platform_app_data_file:file { read write };
allow surfaceflinger app_data_file:file { read write };
+
+# Allow access to special-purpose devices
+# XXX may be device-specific
+allow surfaceflinger dss_device:chr_file { read write };
+allow surfaceflinger knvmap_device:chr_file { ioctl };
+allow surfaceflinger msm_rotator_device:chr_file { open };
\ No newline at end of file
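Review bot: The three new allow rules each grant only a fragment of what a device open needs: `dss_device` gets `{ read write }` without `open`, `knvmap_device` gets only `{ ioctl }`, and `msm_rotator_device` gets only `{ open }`. Unless the missing permissions are granted elsewhere, or surfaceflinger only receives these descriptors already opened (neither is visible in this hunk), these sets look like they were copied from individual denials and will keep producing new ones. Either add a comment stating how each descriptor is obtained, or grant a coherent set using the macro already used in system.te, e.g. `allow surfaceflinger dss_device:chr_file rw_file_perms;`, keeping the grant scoped to surfaceflinger. The file also ends without a trailing newline; if the build concatenates the .te files, the last rule can run into the first line of the next file, so end the file with a newline.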
diff --git a/system.te b/system.te
index 9d6d4c1..4086d60 100644
--- a/system.te
+++ b/system.te
@@ -122,6 +122,7 @@
# XXX Label sysfs files with a specific type?
allow system sysfs:file rw_file_perms;
+allow system sysfs_devices_system_cpu:dir search;
allow system sysfs_nfc_power_writable:file rw_file_perms;
# Access devices.