sepolicy: Add sepolicies for graphics
Added file context policy for graphics runtime script
Added sepolicy for qti_graphics_boot oneshot service
Change-Id: I6d09b30cf8b6c3431c5ae862cc1d7e48907bb7aa
diff --git a/generic/vendor/kalama/file_contexts b/generic/vendor/kalama/file_contexts
index 6d3a0eb..dc42fbd 100644
--- a/generic/vendor/kalama/file_contexts
+++ b/generic/vendor/kalama/file_contexts
@@ -315,6 +315,9 @@
/vendor/bin/hw/vendor\.aks\.gamepad@1\.0-service u:object_r:hal_gamepad_default_exec:s0
/dev/aks_input u:object_r:vendor_aks_chr_device:s0
+#Gfx
+/(vendor|system/vendor)/bin/init\.qti\.graphics\.sh u:object_r:vendor_qti_graphics_boot_exec:s0
+
# Microdump collector parameters
/sys/module/microdump_collector/parameters/.* u:object_r:vendor_sysfs_microdump:s0
/vendor/bin/usbudev u:object_r:vendor_usbudev_qti_exec:s0
diff --git a/generic/vendor/kalama/vendor_qti_graphics_boot.te b/generic/vendor/kalama/vendor_qti_graphics_boot.te
new file mode 100644
index 0000000..4a9b66e
--- /dev/null
+++ b/generic/vendor/kalama/vendor_qti_graphics_boot.te
@@ -0,0 +1,11 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_qti_graphics_boot, domain;
+type vendor_qti_graphics_boot_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_qti_graphics_boot)
+
+#============= qti_graphics_boot ==============
+set_prop(vendor_qti_graphics_boot, vendor_display_prop)
+allow vendor_qti_graphics_boot vendor_toolbox_exec:file rx_file_perms;