From 69d9e01e8aff9b22c25b28dbb5ce7d190c891898 Mon Sep 17 00:00:00 2001
From: Shinru Han
Date: Tue, 22 Aug 2023 07:58:31 +0000
Subject: [PATCH] gps: pixel gnss aidl service (sepolicy)

avc: denied { call } for scontext=u:r:servicemanager:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0
avc: denied { call } for scontext=u:r:hal_gnss_pixel:s0 tcontext=u:r:hal_gnss_default:s0 tclass=binder permissive=0
avc: denied { call } for scontext=u:r:hal_gnss_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0
avc: denied { read } for name="modem_state" dev="sysfs" ino=66325 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=66325 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=66325 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 298924540
Test: No avc deny
Change-Id: I77ec1cb171781dd3c671a975a5c049a48d5bcccb
---
 vendor/file.te | 1 +
 vendor/file_contexts | 2 ++
 vendor/genfs_contexts | 3 +++
 vendor/hal_gnss_pixel.te | 12 ++++++++++++
 vendor/service_contexts | 1 +
 vendor/servicemanager.te | 1 +
 6 files changed, 20 insertions(+)
 create mode 100644 vendor/file.te
 create mode 100644 vendor/hal_gnss_pixel.te
 create mode 100644 vendor/service_contexts
 create mode 100644 vendor/servicemanager.te
diff --git a/vendor/file.te b/vendor/file.te
new file mode 100644
index 0000000..27f6f85
--- /dev/null
+++ b/vendor/file.te
@@ -0,0 +1 @@
+type sysfs_modem_state, sysfs_type, fs_type;
\ No newline at end of file
diff --git a/vendor/file_contexts b/vendor/file_contexts
index fe34ef6..9a1f1b0 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
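Review bot: The new type in vendor/file.te is declared as plain `sysfs_modem_state`, with no vendor prefix, so a later platform policy that declares a type of the same name would collide with it at build time; the same tree already uses a prefixed name for `vendor_gps_file`. Consider `type vendor_sysfs_modem_state, sysfs_type, fs_type;` with the matching rename in the genfs_contexts and hal_gnss_pixel.te hunks. This file and hal_gnss_pixel.te also end without a trailing newline, which is worth fixing if the build concatenates policy sources.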
@@ -12,7 +12,9 @@
 /vendor/bin/hw/sctd u:object_r:sctd_exec:s0
 /vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
 /vendor/bin/hw/spad u:object_r:spad_exec:s0
+
 /vendor/bin/hw/android.hardware.gnss-service u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/hw/android.hardware.gnss-service.pixel u:object_r:hal_gnss_pixel_exec:s0
 # gnss/gps data/log files
 /data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 7c6ce99..3e956d6 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -61,3 +61,6 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-s
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply/tcpm-source-psy-9-0025/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/gnssif/wakeup u:object_r:sysfs_wakeup:s0
+
+# modem state
+genfscon sysfs /devices/platform/cpif/modem_state u:object_r:sysfs_modem_state:s0
diff --git a/vendor/hal_gnss_pixel.te b/vendor/hal_gnss_pixel.te
new file mode 100644
index 0000000..4318875
--- /dev/null
+++ b/vendor/hal_gnss_pixel.te
@@ -0,0 +1,12 @@
+type hal_gnss_pixel, domain;
+hal_server_domain(hal_gnss_pixel, hal_gnss)
+
+type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gnss_pixel)
+
+#IPC between pixel and vendor HAL
+binder_call(hal_gnss_pixel, hal_gnss_default)
+binder_call(hal_gnss_default, hal_gnss_pixel)
+
+#Read modem state /sys/bus/platform/devices/cpif/modem_state
+allow hal_gnss_pixel sysfs_modem_state:file r_file_perms;
\ No newline at end of file
diff --git a/vendor/service_contexts b/vendor/service_contexts
new file mode 100644
index 0000000..ac23c90
--- /dev/null
+++ b/vendor/service_contexts
@@ -0,0 +1 @@
+android.hardware.gnss.IGnss/vendor u:object_r:hal_gnss_service:s0
diff --git a/vendor/servicemanager.te b/vendor/servicemanager.te
new file mode 100644
index 0000000..c532b2b
--- /dev/null
+++ b/vendor/servicemanager.te
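Review bot: The added vendor/file_contexts entry `/vendor/bin/hw/android.hardware.gnss-service.pixel` leaves its dots unescaped, and file_contexts paths are regular expressions, so each `.` matches any character and the pattern covers more names than the one binary. Writing it as `/vendor/bin/hw/android\.hardware\.gnss-service\.pixel u:object_r:hal_gnss_pixel_exec:s0` pins the exec label, and with it the init domain transition, to exactly that path. The context line above it for `hal_gnss_default_exec` has the same form but is not part of this change.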
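Review bot: Labelling `/devices/platform/cpif/modem_state` as `sysfs_modem_state` in vendor/genfs_contexts takes the node out of the generic `sysfs` type, and the only allow rule for the new type in this commit is the one for hal_gnss_pixel. Any other domain that read this file through its `sysfs` permissions would start getting denials, which the commit message does not cover. This cannot be checked from the diff, so it is worth confirming on an enforcing boot that no other scontext is denied on `tcontext=u:object_r:sysfs_modem_state:s0`. The comment could also record the reader, for example `# modem state, read by hal_gnss_pixel`.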
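Review bot: The comment on the last rule of vendor/hal_gnss_pixel.te gives the path as `/sys/bus/platform/devices/cpif/modem_state`, while the genfscon entry and the denials in the commit message use `/sys/devices/platform/cpif/modem_state`. A reader matching the rule to its label has to know the two resolve to the same node, so I would write `# Read modem state: /sys/devices/platform/cpif/modem_state (sysfs_modem_state)`. The IPC comment also does not say why `hal_gnss_default` needs to call into `hal_gnss_pixel`. If that direction exists only for callbacks, saying so would help the next audit, since `binder_call(hal_gnss_default, hal_gnss_pixel)` widens what the existing vendor HAL domain may reach.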
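Review bot: In vendor/service_contexts, `android.hardware.gnss.IGnss/vendor` is labelled with the shared `hal_gnss_service` type, so as far as this diff shows it falls under the same add and find rules as any other instance carrying that type. Any domain allowed to find the GNSS HAL service can presumably look up this instance too, and either GNSS HAL server domain can register it. If the `/vendor` instance is meant to be reached only by hal_gnss_pixel, a dedicated service type with a find rule for that one domain would keep the internal interface off the general client surface. Either way, a comment above the entry such as `# IGnss/vendor: registered by <server domain>, looked up by <client domain>` would record the intended pairing.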
@@ -0,0 +1 @@
+binder_call(servicemanager, hal_gnss_pixel)
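Review bot: `binder_call(servicemanager, hal_gnss_pixel)` sits alone in a new vendor/servicemanager.te, so the policy for the new domain is split across two files and this rule carries no comment tying it to the GNSS service. I would move it into hal_gnss_pixel.te next to the other binder rules, with a line such as `# servicemanager calls back into the registered service`. On platform versions where `binder_use` already grants servicemanager `call` on the client domain, `binder_use(hal_gnss_pixel)` in hal_gnss_pixel.te would cover the denial without a hand-written rule; please check which applies to this branch.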