From 916db9578a7a82ab2759641a061331f9b114c992 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 1 Aug 2024 03:24:18 +0000 Subject: [PATCH 1/3] Correct OWNERS file config Fix: 356741875 Flag: EXEMPT bugfix Change-Id: I3a446d7703718b82048277fb76375cd25a8b9bd9 --- OWNERS | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 791abb4a..16c7ea90 100644 --- a/OWNERS +++ b/OWNERS @@ -1,3 +1,4 @@ -include platform/system/sepolicy:/OWNERS +include device/google/gs-common:/sepolicy/OWNERS + +wilsonsung@google.com -rurumihong@google.com From f43ae1581cb926f7023c603f57da8b12a7f5bde6 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Thu, 18 Jul 2024 08:56:55 +0000 Subject: [PATCH 2/3] Allow composer to access pixeldisplayservice_app avc: denied { call } for comm="binder:492_5" scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:r:pixeldisplayservice_app:s0:c250,c256,c512,c768 tclass=binder permissive=0 Bug: 315496839 Flag: EXEMPT bugfix Test: no avc denied Change-Id: Ie8d4c4e94fdf8d46c291d61d8bc0bf69a28ccdd3 --- caiman/pixeldisplayservice_app.te | 1 + komodo/pixeldisplayservice_app.te | 1 + 2 files changed, 2 insertions(+) create mode 100644 caiman/pixeldisplayservice_app.te create mode 100644 komodo/pixeldisplayservice_app.te diff --git a/caiman/pixeldisplayservice_app.te b/caiman/pixeldisplayservice_app.te new file mode 100644 index 00000000..f2cef9d5 --- /dev/null +++ b/caiman/pixeldisplayservice_app.te @@ -0,0 +1 @@ +binder_call(hal_graphics_composer_default, pixeldisplayservice_app) diff --git a/komodo/pixeldisplayservice_app.te b/komodo/pixeldisplayservice_app.te new file mode 100644 index 00000000..f2cef9d5 --- /dev/null +++ b/komodo/pixeldisplayservice_app.te @@ -0,0 +1 @@ +binder_call(hal_graphics_composer_default, pixeldisplayservice_app) From 081c60222b41261d1321cd8c763f273a013596d8 Mon Sep 17 00:00:00 2001 From: Frank Yu Date: Thu, 22 Aug 2024 09:36:11 +0000 Subject: [PATCH 3/3] Move hal_radio_ext_service related policy to gs-common. Bug: 361210953 Change-Id: I740229a3b53d8ee8f892bc6f32cc6f1e82cf737e Test: Manual test on P24 and no related avc errors. Flag: EXEMPT sepolicy refactor --- caiman/grilservice_app.te | 3 --- komodo/grilservice_app.te | 3 --- tokay/grilservice_app.te | 3 --- 3 files changed, 9 deletions(-) diff --git a/caiman/grilservice_app.te b/caiman/grilservice_app.te index 3c9a3785..8da107e8 100644 --- a/caiman/grilservice_app.te +++ b/caiman/grilservice_app.te @@ -1,6 +1,3 @@ -allow grilservice_app hal_radio_ext_service:service_manager find; -binder_call(grilservice_app, hal_radio_ext) - binder_use(grilservice_app) allow grilservice_app gril_antenna_tuning_service:service_manager find; binder_call(grilservice_app, gril_antenna_tuning_service) diff --git a/komodo/grilservice_app.te b/komodo/grilservice_app.te index 3c9a3785..8da107e8 100644 --- a/komodo/grilservice_app.te +++ b/komodo/grilservice_app.te @@ -1,6 +1,3 @@ -allow grilservice_app hal_radio_ext_service:service_manager find; -binder_call(grilservice_app, hal_radio_ext) - binder_use(grilservice_app) allow grilservice_app gril_antenna_tuning_service:service_manager find; binder_call(grilservice_app, gril_antenna_tuning_service) diff --git a/tokay/grilservice_app.te b/tokay/grilservice_app.te index 3c9a3785..8da107e8 100644 --- a/tokay/grilservice_app.te +++ b/tokay/grilservice_app.te @@ -1,6 +1,3 @@ -allow grilservice_app hal_radio_ext_service:service_manager find; -binder_call(grilservice_app, hal_radio_ext) - binder_use(grilservice_app) allow grilservice_app gril_antenna_tuning_service:service_manager find; binder_call(grilservice_app, gril_antenna_tuning_service)