1type hal_graphics_composer_server_tmpfs, file_type; 2attribute hal_graphics_composer_client_tmpfs; 3expandattribute hal_graphics_composer_client_tmpfs true; 4 5# HwBinder IPC from client to server, and callbacks 6binder_call(hal_graphics_composer_client, hal_graphics_composer_server) 7binder_call(hal_graphics_composer_server, hal_graphics_composer_client) 8allow hal_graphics_composer_client hal_graphics_composer_server_tmpfs:file { getattr map read write }; 9allow hal_graphics_composer_server hal_graphics_composer_client_tmpfs:file { getattr map read write }; 10 11hal_attribute_hwservice(hal_graphics_composer, hal_graphics_composer_hwservice) 12 13# Coordinate with hal_graphics_mapper 14allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find; 15 16# GPU device access 17allow hal_graphics_composer gpu_device:chr_file rw_file_perms; 18allow hal_graphics_composer gpu_device:dir r_dir_perms; 19allow hal_graphics_composer ion_device:chr_file r_file_perms; 20allow hal_graphics_composer dmabuf_system_heap_device:chr_file r_file_perms; 21allow hal_graphics_composer hal_graphics_allocator:fd use; 22 23# Access /dev/graphics/fb0. 24allow hal_graphics_composer graphics_device:dir search; 25allow hal_graphics_composer graphics_device:chr_file rw_file_perms; 26 27# Fences 28allow hal_graphics_composer system_server:fd use; 29allow hal_graphics_composer bootanim:fd use; 30allow hal_graphics_composer appdomain:fd use; 31 32# allow self to set SCHED_FIFO 33allow hal_graphics_composer self:global_capability_class_set sys_nice; 34 35# allow surfaceflinger to use a pipe for dumpsys output 36allow hal_graphics_composer_server hal_graphics_composer_client:fifo_file write; 37 38 39binder_call(hal_graphics_composer_client, servicemanager) 40binder_call(hal_graphics_composer_server, servicemanager) 41 42hal_attribute_service(hal_graphics_composer, hal_graphics_composer_service) 43