From 985aa698c7c4a104135b92d263922b50fbfcad22 Mon Sep 17 00:00:00 2001
From: Sung-fang Tsai
Date: Sat, 22 May 2021 15:22:47 +0000
Subject: [PATCH] qllow priv-app to access Pixel power HAL extension.

SELinux issues to solve: native : aion.cc:780 Error loading lib_aion_buffer.so dlopen failed: library "pixel-power-ext-V1-ndk_platform.so" not found: needed by /vendor/lib64/lib_aion_buffer.so in namespace sphal 05-23 10:11:32.055 420 420 E SELinux : avc: denied { find } for pid=6630 uid=10089 name=android.hardware.power.IPower/default scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=0
Bug: 187373665
Test: Passed, procedure listed in b/187373665#comment8 with forrest.
Change-Id: Ice7c69bca4a029a61ca1ccb7087ea01948ae5f24
---
 edgetpu/priv_app.te | 3 +++
 whitechapel/vendor/google/file_contexts | 1 +
 2 files changed, 4 insertions(+)
diff --git a/edgetpu/priv_app.te b/edgetpu/priv_app.te
index a9b49c33..db6e0a27 100644
--- a/edgetpu/priv_app.te
+++ b/edgetpu/priv_app.te
@@ -7,3 +7,6 @@ allow priv_app edgetpu_nnapi_service:service_manager find;
 # Allows privileged applications to access the EdgeTPU device, except open,
 # which is guarded by the EdgeTPU service.
 allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Allows privileged applications to access the PowerHAL.
+hal_client_domain(priv_app, hal_power)
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 71864a0d..6c9bc57f 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -177,6 +177,7 @@
 /data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
 /vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/pixel-power-ext-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
 /dev/stmvl53l1_ranging u:object_r:rls_device:s0
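Review bot: `hal_client_domain(priv_app, hal_power)` at the end of the `edgetpu/priv_app.te` hunk makes every app in the `priv_app` domain a Power HAL client, while the denial quoted in the commit message comes from a single process (uid 10089) that loads `lib_aion_buffer.so`. If only that app needs the Pixel power extension, the grant would be tighter in a domain specific to that app, assuming one exists or can be added. Otherwise the comment should record why the whole domain needs it, for example `# lib_aion_buffer.so (same-process HAL) calls the Pixel Power HAL extension from priv_app; see b/187373665.`. The rule also sits in a file whose other visible rules are EdgeTPU-specific, so someone auditing Power HAL clients may not look here.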
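Review bot: The new `file_contexts` entry pins the interface version in the path (`pixel-power-ext-V1-ndk_platform\.so`), so when the extension is bumped the new library will presumably fall back to the default vendor label and the `dlopen` failure from the commit message comes back. Labelling it `same_process_hal_file` also makes the library loadable by any process that is allowed to load same-process HALs, not only the one in the bug, so its own dependencies are worth checking before this lands. A comment above the entry such as `# Needed by lib_aion_buffer.so; update when the pixel-power-ext version changes.` would make that coupling visible.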