From aab64a6c76c38f216b9b231c5b504b80bcb66fb3 Mon Sep 17 00:00:00 2001
From: Michael Gernoth <michael@gernoth.net>
Date: Tue, 6 Jan 2015 18:15:33 +0100
Subject: sepolicy: allow pvrsrvinit to talk to the GPU

Change-Id: I39e7ac945cbe6aff5c8d2496374645c7c28fa2da
---
 selinux/file_contexts | 1 +
 selinux/pvrsrvinit.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/selinux/file_contexts b/selinux/file_contexts
index 6027ea4..7c6b3ff 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -28,6 +28,7 @@
 
 # System binaries
 /system/bin/pvrsrvinit                      u:object_r:pvrsrvinit_exec:s0
+/system/vendor/bin/pvrsrvinit               u:object_r:pvrsrvinit_exec:s0
 /system/vendor/bin/pvrsrvctl_SGX540_120     u:object_r:pvrsrvinit_exec:s0
 
 /system/bin/dock_kbd_attach                 u:object_r:dock_kbd_attach_exec:s0
diff --git a/selinux/pvrsrvinit.te b/selinux/pvrsrvinit.te
index ae1ee0b..3d82777 100644
--- a/selinux/pvrsrvinit.te
+++ b/selinux/pvrsrvinit.te
@@ -4,6 +4,7 @@ type pvrsrvinit_exec, exec_type, file_type;
 
 init_daemon_domain(pvrsrvinit)
 
+allow pvrsrvinit gpu_device:chr_file rw_file_perms;
 allow pvrsrvinit kernel:system module_request;
 allow pvrsrvinit self:capability { sys_module };
 allow pvrsrvinit system_file:file x_file_perms;
-- 
cgit v1.1