303cf04de1
[ 7564.504317] type=1400 audit(1731556655.872:63): avc: denied { create } for comm="android.hardwar" name="android.hardware.gnss-service.pixel" scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=file permissive=0 bug=b/378004800
flag: EXEMPT the function has been verified at userdebug ROM.
Bug: 378004800
Bug: 377446770
Test: b/378004800 abtd to check sepolicy
Test: b/377446770#comment1 verified the coredump function on user ROM.
Change-Id: If5cbe1dfde904f7d1eb0daaa53fa6bef19161f01
29 lines
987 B
Text
29 lines
987 B
Text
#IPC between pixel and vendor HAL
|
|
binder_call(hal_gnss_pixel, hal_gnss_default)
|
|
|
|
#Read modem state
|
|
allow hal_gnss_pixel sysfs_modem_state:file r_file_perms;
|
|
|
|
#Toggle coredump node
|
|
allow hal_gnss_pixel sysfs_gps:file rw_file_perms;
|
|
|
|
# Allow access to CHRE multiclient HAL.
|
|
get_prop(hal_gnss_pixel, vendor_chre_hal_prop)
|
|
|
|
# Allow read vendor gps prop.
|
|
get_prop(hal_gnss_pixel, vendor_gps_prop)
|
|
|
|
# Allow binder to CHRE.
|
|
binder_call(hal_gnss_pixel, hal_contexthub_default)
|
|
allow hal_gnss_pixel hal_contexthub_service:service_manager find;
|
|
|
|
# Allow connect to gnss service
|
|
allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms;
|
|
allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
|
|
|
|
# Allow access ssrdump information
|
|
allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:file r_file_perms;
|
|
allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
|
|
|
|
# Allow pixel gnss access vendor_gps_file
|
|
allow hal_gnss_pixel vendor_gps_file:file create_file_perms;
|