From 13dcd24c48b16d8f857dbeaeaf59c3572bf88f9b Mon Sep 17 00:00:00 2001
From: Kai Hsieh
Date: Tue, 17 Dec 2024 16:37:04 +0800
Subject: [PATCH] Solve SEPolicy issue with the Troubleshooting Wizard - Allow pixelsystemservice_app to access GIA - Allow GIA to execute a callback for pixelsystemservice_app [avc error] 12-09 20:39:51.287 416 416 E SELinux : avc: denied { find } for pid=5454 uid=10285 name=com.google.input.gia.core.IGiaService/default scontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tcontext=u:object_r:hal_gia_service:s0 tclass=service_manager permissive=1 12-09 20:39:51.280 5454 5454 I pool-4-thread-1: type=1400 audit(0.0:19): avc: denied { call } for scontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tcontext=u:r:gia:s0 tclass=binder permissive=1 app=com.google.android.pixelsystemservice 12-09 20:39:51.280 5454 5454 I pool-4-thread-1: type=1400 audit(0.0:20): avc: denied { transfer } for scontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tcontext=u:r:gia:s0 tclass=binder permissive=1 app=com.google.android.pixelsystemservice 12-09 20:39:51.280 1341 1341 I binder:1341_3: type=1400 audit(0.0:21): avc: denied { call } for scontext=u:r:gia:s0 tcontext=u:r:pixelsystemservice_app:s0:c29,c257,c512,c768 tclass=binder permissive=1 Flag: EXEMPT, bug-fix only. Bug: 379991501 Change-Id: I14942cc0df9b9032b2c054fc87d29fc8098aa455 Signed-off-by: Kai Hsieh
---
 input/gia/sepolicy/gia.te | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/input/gia/sepolicy/gia.te b/input/gia/sepolicy/gia.te
index 2c84e7c..a0244d2 100644
--- a/input/gia/sepolicy/gia.te
+++ b/input/gia/sepolicy/gia.te
@@ -16,3 +16,10 @@ hal_server_domain(gia, hal_gia)
 # allow gia for accessing touch related system file-nodes
 allow gia sysfs_touch_gti:dir r_dir_perms;
 allow gia sysfs_touch_gti:file rw_file_perms;
+
+# allow pixelsystemservice_app to communicate with gia
+binder_use(pixelsystemservice_app)
+hal_client_domain(pixelsystemservice_app, hal_gia)
+
+# allow gia to execute callback for pixelsystemservice_app
+binder_call(gia, pixelsystemservice_app)
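Review bot: `binder_use(pixelsystemservice_app)` does not correspond to any denial quoted in the commit message, which logs only `find` on `hal_gia_service`, `call`/`transfer` towards `gia`, and `call` from `gia`. If the app domain already gets servicemanager access from its own policy (not visible here), the line is redundant and can be dropped. The other two macros also grant more than the logged permissions: `hal_client_domain(pixelsystemservice_app, hal_gia)` gives the app everything a hal_gia client is allowed, and `binder_call(gia, pixelsystemservice_app)` typically adds `transfer` and fd use on top of `call`. Because the context lines show gia holding `rw_file_perms` on `sysfs_touch_gti`, the comment should record why this app is a trusted client, e.g. `# Troubleshooting Wizard in pixelsystemservice_app needs IGiaService (b/379991501)`. Rules whose source domain is pixelsystemservice_app are also easier to audit in that domain's own .te file than in gia.te, if one exists in this tree.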