diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts index 43e91b8..5a4c887 100644 --- a/sepolicy/common/file_contexts +++ b/sepolicy/common/file_contexts @@ -21,7 +21,7 @@ # executeables /system/vendor/bin/macloader u:object_r:macloader_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service.samsung8974 u:object_r:hal_sensors_default_exec:s0 -/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-qcom u:object_r:hal_lineage_livedisplay_default_exec:s0 +/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-qcom u:object_r:hal_lineage_livedisplay_sysfs_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung u:object_r:hal_lineage_touch_default_exec:s0 # firmware diff --git a/sepolicy/common/hal_lineage_livedisplay_default.te b/sepolicy/common/hal_lineage_livedisplay_default.te deleted file mode 100644 index 33843e4..0000000 --- a/sepolicy/common/hal_lineage_livedisplay_default.te +++ /dev/null @@ -1,9 +0,0 @@ -allow hal_lineage_livedisplay_default { - sysfs_graphics - sysfs_mdnie -}:dir search; - -allow hal_lineage_livedisplay_default { - sysfs_graphics - sysfs_mdnie -}:file rw_file_perms; diff --git a/sepolicy/common/hal_lineage_livedisplay_sysfs.te b/sepolicy/common/hal_lineage_livedisplay_sysfs.te new file mode 100644 index 0000000..82c371d --- /dev/null +++ b/sepolicy/common/hal_lineage_livedisplay_sysfs.te @@ -0,0 +1,14 @@ +# Allow LiveDisplay to store files under /data/vendor/display and access them +allow hal_lineage_livedisplay_sysfs display_vendor_data_file:dir rw_dir_perms; +allow hal_lineage_livedisplay_sysfs display_vendor_data_file:file create_file_perms; + +# Allow LiveDisplay to read and write to files in sysfs_graphics, sysfs_mdnie +allow hal_lineage_livedisplay_sysfs { + sysfs_graphics + sysfs_mdnie +}:dir search; + +allow hal_lineage_livedisplay_sysfs { + sysfs_graphics + sysfs_mdnie +}:file rw_file_perms;