Attached AVC error log in commit message: ``` [ 68.276362] SELinux: avc: denied { find } for pid=6775 uid=0 name=android.frameworks.stats.IStats/default scontext=u:r:gia:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1 [ 68.280115] type=1400 audit(1736239951.684:21): avc: denied { call } for comm="binder:6775_3" scontext=u:r:gia:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1 ``` Flag: build.RELEASE_PIXEL_GIA_ENABLED Test: Manually, check `dmesg` to make sure that the corresponding service can be started normally. Bug: 369965212 Change-Id: I26d4b324f1359b1b895ea8d3fd51c0877098c5ea Signed-off-by: Kai Hsieh <kaihsieh@google.com>
# SEPolicies for GIA (Google Input interface Abstraction layer)
# Domain type that the running GIA process is confined to.
type gia, domain;
# Label for the GIA executable. exec_type marks it as a domain entry point;
# vendor_file_type and file_type classify it as a vendor file.
# The path-to-label mapping (file_contexts) is not part of this file.
type gia_exec, exec_type, vendor_file_type, file_type;
# Macro transferring gia_exec to the gia domain
# Sets up the automatic domain transition: when init executes a file
# labelled gia_exec, the resulting process runs in the gia domain.
init_daemon_domain(gia)
# let this domain use the hal service
# Adds gia to the client attribute of hal_gia.
# NOTE(review): gia is also declared a server of hal_gia further down in this
# file; confirm the client role is really needed, since each role brings its
# own set of grants.
hal_client_domain(gia, hal_gia)
# allow binder communication with service_manager
# Baseline binder access only (reaching servicemanager and passing binder
# references). Each service gia talks to still needs its own
# service_manager find rule and binder_call rule.
binder_use(gia)
# let this domain serve the hal service
# Adds gia to the server attribute of hal_gia, so rules written against
# hal_gia servers apply to this domain.
hal_server_domain(gia, hal_gia)
# allow gia to access touch-related system file nodes
# Read-only directory access (list and search) on directories labelled
# sysfs_touch_gti; no create/remove permissions are granted.
allow gia sysfs_touch_gti:dir r_dir_perms;
# Read and write access to every file labelled sysfs_touch_gti.
# NOTE(review): the grant is per label, not per node; confirm that all nodes
# carrying this label are meant to be writable by gia.
allow gia sysfs_touch_gti:file rw_file_perms;
# allow gia to collect device stats
# Lets gia look up the service labelled fwk_stats_service via servicemanager.
# Only `find` is granted, so gia cannot register (add) that service itself.
allow gia fwk_stats_service:service_manager find;
# Lets gia make binder calls into any domain carrying the stats_service_server
# attribute. Binder `call` is checked per target domain, not per service, so
# the `find` rule on fwk_stats_service is what limits which service gia can
# look up.
# NOTE(review): the trailing ';' is inconsistent with the other macro
# invocations in this file, which have none.
binder_call(gia, stats_service_server);