Solve SEPolicy issue with the Troubleshooting Wizard

- Allow pixelsystemservice_app to access GIA - Allow GIA to execute a callback for pixelsystemservice_app [avc error] 12-09 20:39:51.287 416 416 E SELinux : avc: denied { find } for pid=5454 uid=10285 name=com.google.input.gia.core.IGiaService/default scontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tcontext=u:object_r:hal_gia_service:s0 tclass=service_manager permissive=1 12-09 20:39:51.280 5454 5454 I pool-4-thread-1: type=1400 audit(0.0:19): avc: denied { call } for scontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tcontext=u:r:gia:s0 tclass=binder permissive=1 app=com.google.android.pixelsystemservice 12-09 20:39:51.280 5454 5454 I pool-4-thread-1: type=1400 audit(0.0:20): avc: denied { transfer } for scontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tcontext=u:r:gia:s0 tclass=binder permissive=1 app=com.google.android.pixelsystemservice 12-09 20:39:51.280 1341 1341 I binder:1341_3: type=1400 audit(0.0:21): avc: denied { call } for scontext=u:r:gia:s0 tcontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tclass=binder permissive=1 Flag: EXEMPT, bug-fix only. Bug: 379991501 Change-Id: I14942cc0df9b9032b2c054fc87d29fc8098aa455 Signed-off-by: Kai Hsieh <kaihsieh@google.com>
2024-12-17 16:37:04 +08:00 · 2024-12-17 16:37:04 +08:00 · 13dcd24c48
commit 13dcd24c48
parent e67bff18e9
1 changed files with 7 additions and 0 deletions
--- a/input/gia/sepolicy/gia.te
+++ b/input/gia/sepolicy/gia.te
@ -16,3 +16,10 @@ hal_server_domain(gia, hal_gia)
 # allow gia for accessing touch related system file-nodes
 allow gia sysfs_touch_gti:dir r_dir_perms;
 allow gia sysfs_touch_gti:file rw_file_perms;
+
+# allow pixelsystemservice_app to communicate with gia
+binder_use(pixelsystemservice_app)
+hal_client_domain(pixelsystemservice_app, hal_gia)
+
+# allow gia to execute callback for pixelsystemservice_app
+binder_call(gia, pixelsystemservice_app)