From e155aa7c04886746b4a22c64cd9d4ec3ef6130c7 Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Wed, 24 Jul 2024 12:17:30 +0000 Subject: [PATCH] WLC: service: add sepolicy for property vendor.wlcservice.test avc: denied { read } for comm="binder:882_3" name="u:object_r:default_prop:s0" dev="tmpfs" ino=172 scontext=u:r:hal_wlcservice:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 Test: authentication test mode Bug: 350830879 Flag: EXEMPT bugfix Change-Id: Ie9f8fc5cce8e62b06931b77aa8cd16a3c9516fb5 Signed-off-by: YiKai Peng --- wireless_charger/sepolicy/hal_wlcservice.te | 2 ++ wireless_charger/sepolicy/property.te | 1 + wireless_charger/sepolicy/property_contexts | 1 + 3 files changed, 4 insertions(+) create mode 100644 wireless_charger/sepolicy/property.te create mode 100644 wireless_charger/sepolicy/property_contexts diff --git a/wireless_charger/sepolicy/hal_wlcservice.te b/wireless_charger/sepolicy/hal_wlcservice.te index eadb593..6eba2ef 100644 --- a/wireless_charger/sepolicy/hal_wlcservice.te +++ b/wireless_charger/sepolicy/hal_wlcservice.te @@ -8,6 +8,8 @@ allow hal_wlcservice vendor_wlc_file:file create_file_perms; allow hal_wlcservice hal_wireless_charger_service:service_manager find; allow hal_wlcservice kmsg_device:chr_file { getattr w_file_perms }; +get_prop(hal_wlcservice, vendor_wlcservice_test_prop) + binder_call(hal_wlcservice, servicemanager) add_service(hal_wlcservice, hal_wlcservice_service) diff --git a/wireless_charger/sepolicy/property.te b/wireless_charger/sepolicy/property.te new file mode 100644 index 0000000..b8ddbdf --- /dev/null +++ b/wireless_charger/sepolicy/property.te @@ -0,0 +1 @@ +vendor_internal_prop(vendor_wlcservice_test_prop) diff --git a/wireless_charger/sepolicy/property_contexts b/wireless_charger/sepolicy/property_contexts new file mode 100644 index 0000000..8cf8f70 --- /dev/null +++ b/wireless_charger/sepolicy/property_contexts @@ -0,0 +1 @@ +vendor.wlcservice.test.authentication u:object_r:vendor_wlcservice_test_prop:s0 exact bool