From 5e8ab96efb898bb04ea3e5f5ec80902209e2e4ad Mon Sep 17 00:00:00 2001 
From: Chris Paulo Date: Tue, 30 Aug 2022 00:29:28 +0000 Subject: [PATCH] [DO NOT MERGE] device/sepolicy: Add sepolicy for vibrator hal Added sepolicy for vibrator hal specific to device uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=vibrator.adaptive_haptics.enabled pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1' avc: denied { open } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { getattr } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { map } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1094 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1 avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_vibrator_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1 avc: denied { open } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms avc: denied { getattr } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms Bug: 198239103 Test: 
Verified functionality Signed-off-by: Chris Paulo Change-Id: I1f38a069c06c5cc142236aed9cb34eede77c0315
---
 bluejay-sepolicy.mk | 1 +
 vendor/file_contexts | 2 ++
 vendor/hal_vibrator_default.te | 3 +++
 vendor/property_contexts | 2 ++
 vendor/vendor_init.te | 2 ++
 5 files changed, 10 insertions(+)
 create mode 100644 vendor/file_contexts
 create mode 100644 vendor/hal_vibrator_default.te
 create mode 100644 vendor/property_contexts
 create mode 100644 vendor/vendor_init.te
diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk
index cb5229b..5a2b557 100644
--- a/bluejay-sepolicy.mk
+++ b/bluejay-sepolicy.mk
@@ -1,2 +1,3 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/vendor
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay
diff --git a/vendor/file_contexts b/vendor/file_contexts
new file mode 100644
index 0000000..66359fc
--- /dev/null
+++ b/vendor/file_contexts
@@ -0,0 +1,2 @@
+# Haptics
+/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private-bluejay u:object_r:hal_vibrator_default_exec:s0
diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te
new file mode 100644
index 0000000..8cb0c72
--- /dev/null
+++ b/vendor/hal_vibrator_default.te
@@ -0,0 +1,3 @@
+# Allow Vibrator HAL to communicate with daemon via socket
+allow hal_vibrator_default chre:unix_stream_socket connectto;
+allow hal_vibrator_default chre_socket:sock_file write;
diff --git a/vendor/property_contexts b/vendor/property_contexts
new file mode 100644
index 0000000..4222a57
--- /dev/null
+++ b/vendor/property_contexts
@@ -0,0 +1,2 @@
+# Haptics
+persist.vendor.vibrator.hal. u:object_r:vendor_vibrator_prop:s0
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
new file mode 100644
index 0000000..6641c23
--- /dev/null
+++ b/vendor/vendor_init.te
@@ -0,0 +1,2 @@
+# Haptics
+get_prop(vendor_init, adaptive_haptics_prop)
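Review bot: In vendor/hal_vibrator_default.te the two hand-written allow rules are exactly what the stock `unix_socket_connect` macro expands to, so the pair can be written as `unix_socket_connect(hal_vibrator_default, chre, chre)`. The macro keeps the sock_file and unix_stream_socket grants together, so a later edit cannot widen one without the other. The comment says only "daemon"; naming it, e.g. `# Allow Vibrator HAL to connect to the CHRE daemon over /dev/socket/chre`, tells an auditor which new IPC path the HAL gains. The grant itself is limited to `connectto` and `write`, which matches the two hal_vibrator_default denials quoted in the commit message.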
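Review bot: In vendor/property_contexts the label `vendor_vibrator_prop` is used but not declared in this patch, and the new vendor/ directory gets no property.te. The entry therefore resolves only if another directory in BOARD_VENDOR_SEPOLICY_DIRS declares the type, which is worth confirming for this device's build. None of the denials quoted in the commit message concern `persist.vendor.vibrator.hal.`; they are all about adaptive_haptics_prop and the CHRE socket. The `# Haptics` comment could say which domain sets and reads these properties, e.g. `# Vibrator HAL tuning properties, written by vendor_init and read by hal_vibrator_default`, if that is the intended access.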
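Review bot: In vendor/vendor_init.te the `# Haptics` comment does not say why vendor_init needs read access to adaptive_haptics_prop. Something like `# vendor_init reads vibrator.adaptive_haptics.enabled (adaptive_haptics_prop)` would tie the rule to the denial it resolves. The commit message also lists odrefresh and gmscore_app denials on the same property type, and this patch grants neither. Leaving them ungranted in device vendor policy looks like the right least-privilege choice, but the description should state that the omission is deliberate, so those denials are not later "fixed" by widening read access here. The type adaptive_haptics_prop is not declared in this patch and is presumably defined in another policy directory.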