From 3050ed8ed9c4e4bbb30ceaa60434f0be965f2a41 Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Tue, 13 Jul 2021 20:09:14 +0800 Subject: [PATCH] Set sepolicy for shell script of disabling contaminant detection The avc denials are listed in b/192208389#comment10. Bug: 192208389 Test: Manually tested Change-Id: Ib2e3cf498851c0c9e5e74aacc9bf391549c0ad1a Signed-off-by: Darren Hsu --- .../disable-contaminant-detection-sh.te | 7 +++++ whitechapel/vendor/google/file_contexts | 3 +- whitechapel/vendor/google/genfs_contexts | 30 ++++--------------- 3 files changed, 15 insertions(+), 25 deletions(-) create mode 100644 whitechapel/vendor/google/disable-contaminant-detection-sh.te diff --git a/whitechapel/vendor/google/disable-contaminant-detection-sh.te b/whitechapel/vendor/google/disable-contaminant-detection-sh.te new file mode 100644 index 00000000..95845a18 --- /dev/null +++ b/whitechapel/vendor/google/disable-contaminant-detection-sh.te @@ -0,0 +1,7 @@ +type disable-contaminant-detection-sh, domain; +type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(disable-contaminant-detection-sh) + +allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; +allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; +allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 86af0a91..5360a0a7 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -271,7 +271,8 @@ /vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0 # USB -/vendor/bin/hw/set_usb_irq\.sh u:object_r:set-usb-irq-sh_exec:s0 +/vendor/bin/hw/set_usb_irq\.sh u:object_r:set-usb-irq-sh_exec:s0 +/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 # NFC /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 42ff564a..cc285c9a 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -16,42 +16,24 @@ genfscon sysfs /devices/platform/google,cpm/power_supply genfscon sysfs /devices/platform/google,cpm/ u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d50000.hsi2c u:object_r:sysfs_batteryinfo:s0 # Slider -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-8/8-0050 u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-8/8-0050/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 -# Whitefin -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0050 u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0050/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10d10000.hsi2c/i2c-7/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 # R4 / P7 LunchBox -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0061/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 + genfscon sysfs /devices/platform/10d30000.spi/spi_master/spi10/spi10.0/uwb/power_stats u:object_r:sysfs_power_stats:s0 # O6 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/i2c-max77759tcpc u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/i2c-max77759tcpc/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 - # Storage genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0 genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0