rpcraig wrote:
On 12/07/2012 11:55 AM, Joshua Brindle wrote:
rpcraig wrote:
On 12/07/2012 11:30 AM, Joshua Brindle wrote:
while trying to figure out labels for devices on mako I came across
/dev/kgsl-3d0, which appears to be the gpu (it is created by
kernel/msm/arch/arm/mach-msm/lge/mako/board-mako-gpu.c) so I labeled
it video_device (which I believe is used for this sort of thing).
Unfortunately, and to my dismay it looks like everything in the OS
accesses this directly:
<snip>
Looks like graphics_device to me. I had a similar problem with the manta
gpu. I made a new type.
I see in the manta policy:
app.te:allow appdomain graphics_device:chr_file rw_file_perms;
Isn't that unsafe?
We have new policy to update that line. We haven't committed it yet.
Still deciding on a name for the new type. At the moment we're unsure
why all the appdomains need write access.
Is there currently guidance on creating types in the device-specific
policy? I can see arguments either way, just want to be consistent with
what you guys are doing.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
