enforce debugfs constraint on userdebug build am: de2696eb72

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17342326 Change-Id: I2008bde5b787053f818a58452f629e5bee8e8ced
2022-03-24 04:12:13 +00:00
parent f387f3dcd3 de2696eb72
commit fcae230ef4
4 changed files with 4 additions and 7 deletions
--- a/tracking_denials/hardware_info_app.te
+++ b/tracking_denials/hardware_info_app.te
@@ -0,0 +1,2 @@
+# b/208909060
+dontaudit hardware_info_app vendor_maxfg_debugfs:dir search;
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -2,4 +2,6 @@
 dontaudit vendor_init thermal_link_device:file { create };
 # b/221384939
 dontaudit vendor_init vendor_battery_defender_prop:property_service { set };
+# b/226271913
+dontaudit vendor_init vendor_maxfg_debugfs:file setattr;

--- a/whitechapel_pro/dumpstate.te
+++ b/whitechapel_pro/dumpstate.te
@@ -4,7 +4,6 @@ dump_hal(hal_telephony)
 dump_hal(hal_uwb_vendor)

 userdebug_or_eng(`
-  allow dumpstate vendor_dmabuf_debugfs:file r_file_perms;
  allow dumpstate media_rw_data_file:file append;
 ')

--- a/whitechapel_pro/hardware_info_app.te
+++ b/whitechapel_pro/hardware_info_app.te
@@ -22,11 +22,5 @@ allow hardware_info_app sysfs_display:file r_file_perms;
 allow hardware_info_app sysfs_soc:file r_file_perms;
 allow hardware_info_app sysfs_chip_id:file r_file_perms;

-# Fuel
-userdebug_or_eng(`
-  allow hardware_info_app vendor_maxfg_debugfs:dir search;
-  allow hardware_info_app vendor_maxfg_debugfs:file r_file_perms;
-')
-
 # Batery history
 allow hardware_info_app battery_history_device:chr_file r_file_perms;