Evolution-X-Devices/device_google_gs101
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hal_health_default: Fix avc denials

Browse Source 
[    5.146740] type=1400 audit(1611123521.796:23): avc: denied { search } for comm="android.hardwar" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
[    5.425436] type=1400 audit(1611123522.076:24): avc: denied { search } for comm="health@2.1-serv" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
[   29.943710] type=1400 audit(1611123546.592:483): avc: denied { write } for comm="health@2.1-serv" name="mode" dev="sysfs" ino=14741 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1
01-20 14:18:41.796   656   656 I android.hardwar: type=1400 audit(0.0:23): avc: denied { search } for name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1

Bug: 177966434
Test: Verify pass by checking device log are w/o above errors after
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: I576547e27dceb55fd768de2834e3bb0155857f56
This commit is contained in:
Jack Wu
2021-03-10 12:23:34 +08:00
parent c625222492
commit 522a8aefcf
2 changed files with 7 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tracking_denials/hal_health_default.te
View File

@@ -1,15 +0,0 @@
# b/177966434
dontaudit hal_health_default sysfs_wlc:dir { search };
# b/181177925
dontaudit hal_health_default thermal_link_device:dir { search };
dontaudit hal_health_default sysfs_thermal:file { open };
dontaudit hal_health_default sysfs_thermal:file { write };
dontaudit hal_health_default sysfs_thermal:lnk_file { read };
dontaudit hal_health_default sysfs_thermal:dir { search };
dontaudit hal_health_default sysfs_thermal:file { write };
dontaudit hal_health_default sysfs_thermal:file { open };
dontaudit hal_health_default sysfs_batteryinfo:file { write };
dontaudit hal_health_default sysfs_thermal:dir { search };
dontaudit hal_health_default thermal_link_device:dir { search };
dontaudit hal_health_default sysfs_batteryinfo:file { write };
dontaudit hal_health_default sysfs_thermal:lnk_file { read };

7
whitechapel/vendor/google/hal_health_default.te vendored
View File

@@ -5,3 +5,10 @@ allow hal_health_default persist_battery_file:dir rw_dir_perms;
set_prop(hal_health_default, vendor_battery_defender_prop)
r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
allow hal_health_default sysfs_wlc:dir search;
allow hal_health_default sysfs_batteryinfo:file w_file_perms;
allow hal_health_default sysfs_thermal:dir search;
allow hal_health_default sysfs_thermal:file w_file_perms;
allow hal_health_default sysfs_thermal:lnk_file read;
allow hal_health_default thermal_link_device:dir search;