From a3678d9487832929bd7e7e33c23c62c0dcecd80e Mon Sep 17 00:00:00 2001 From: Jack Wu Date: Mon, 8 Mar 2021 21:21:30 +0800 Subject: [PATCH] hal_power_stats_default: Fix avc denials [ 351.298850] type=1400 audit(1614041245.976:13): avc: denied { read } for comm="android.hardwar" name="hf1_wfi" dev="sysfs" ino=78155 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1 [ 698.658433] type=1400 audit(1614041593.336:1733): avc: denied { open } for comm="stats@1.0-servi" path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1 02-23 08:53:13.336 673 673 I stats@1.0-servi: type=1400 audit(0.0:1734): avc: denied { getattr } for path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1 02-23 08:52:26.228 670 670 I android.hardwar: type=1400 audit(0.0:724): avc: denied { search } for name="19000000.aoc" dev="sysfs" ino=18343 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=1 Bug: 180963514 Test: Verify pass by checking device log are w/o above errors after Signed-off-by: Jack Wu Change-Id: Iab245b320c1f6e75407f1fafb5ad20a087b1a707
---
 tracking_denials/hal_power_stats_default.te | 56 ------------------- whitechapel/vendor/google/genfs_contexts | 15 +++++ .../vendor/google/hal_power_stats_default.te | 8 +++ 3 files changed, 23 insertions(+), 56 deletions(-)
diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te
index 20c95e4b..866c5176 100644
--- a/tracking_denials/hal_power_stats_default.te
+++ b/tracking_denials/hal_power_stats_default.te
@@ -1,7 +1,6 @@
 # b/171760721
 dontaudit hal_power_stats_default sysfs:file { read };
 dontaudit hal_power_stats_default sysfs:file { getattr };
-dontaudit hal_power_stats_default citadeld:binder { call };
 dontaudit hal_power_stats_default sysfs:file { read };
 dontaudit hal_power_stats_default sysfs:file { getattr };
 dontaudit hal_power_stats_default sysfs:file { open };
@@ -11,58 +10,3 @@ dontaudit hal_power_stats_default sysfs:dir { open };
 dontaudit hal_power_stats_default sysfs:file { read };
 dontaudit hal_power_stats_default sysfs:file { open };
 dontaudit hal_power_stats_default sysfs:file { open };
-# b/176777337
-dontaudit hal_power_stats_default sysfs_leds:dir search ;
-dontaudit hal_power_stats_default sysfs_leds:file open ;
-dontaudit hal_power_stats_default sysfs_leds:dir search ;
-dontaudit hal_power_stats_default sysfs_leds:file read ;
-dontaudit hal_power_stats_default sysfs_leds:file open ;
-# b/176868314
-dontaudit hal_power_stats_default sysfs_leds:file read ;
-dontaudit hal_power_stats_default sysfs_leds:file open ;
-dontaudit hal_power_stats_default sysfs_leds:dir search ;
-# b/179093124
-dontaudit hal_power_stats_default sysfs_backlight:file { open };
-dontaudit hal_power_stats_default sysfs_backlight:file { read };
-dontaudit hal_power_stats_default sysfs_backlight:file { open };
-dontaudit hal_power_stats_default sysfs_backlight:dir { search };
-dontaudit hal_power_stats_default sysfs_backlight:dir { search };
-dontaudit hal_power_stats_default sysfs_backlight:file { read };
-# b/180963514
-dontaudit hal_power_stats_default sysfs_aoc:file { read };
-dontaudit hal_power_stats_default sysfs_aoc:file { read };
-dontaudit hal_power_stats_default sysfs_aoc:file { open };
-dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
-dontaudit hal_power_stats_default sysfs_aoc:file { open };
-dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
-dontaudit hal_power_stats_default sysfs_aoc:dir { search };
-dontaudit hal_power_stats_default sysfs_aoc:file { read };
-dontaudit hal_power_stats_default sysfs_aoc:file { open };
-dontaudit hal_power_stats_default sysfs_aoc:file { open };
-dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
-dontaudit hal_power_stats_default sysfs_aoc:dir { search };
-dontaudit hal_power_stats_default sysfs_aoc:dir { search };
-dontaudit hal_power_stats_default sysfs_aoc:file { read };
-dontaudit hal_power_stats_default sysfs_aoc:file { open };
-dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
-dontaudit hal_power_stats_default sysfs_aoc:file { read };
-# b/181915165
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
-dontaudit hal_power_stats_default sysfs_acpm_stats:dir { search };
-dontaudit hal_power_stats_default sysfs_wifi:file { getattr };
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
-dontaudit hal_power_stats_default sysfs_acpm_stats:dir { search };
-dontaudit hal_power_stats_default sysfs_wifi:file { open };
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { open };
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { getattr };
-dontaudit hal_power_stats_default sysfs_wifi:file { getattr };
-dontaudit hal_power_stats_default sysfs_wifi:file { open };
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
-dontaudit hal_power_stats_default sysfs_wifi:file { read };
-dontaudit hal_power_stats_default sysfs_wifi:dir { search };
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { getattr };
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { open };
-dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
-dontaudit hal_power_stats_default sysfs_acpm_stats:dir { search };
-dontaudit hal_power_stats_default sysfs_wifi:dir { search };
-dontaudit hal_power_stats_default sysfs_wifi:file { read };
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index b98a7494..759f260b 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -107,7 +107,22 @@ genfscon proc /bluetooth/sleep/btwrite genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0 # ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 + +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name 
u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 # Chosen
diff --git a/whitechapel/vendor/google/hal_power_stats_default.te b/whitechapel/vendor/google/hal_power_stats_default.te
index 8ffff074..3fd46419 100644
--- a/whitechapel/vendor/google/hal_power_stats_default.te
+++ b/whitechapel/vendor/google/hal_power_stats_default.te
@@ -6,4 +6,12 @@ binder_call(hal_power_stats_default, hal_bluetooth_btlinux) allow hal_power_stats_default odpm_config_file:dir search; allow hal_power_stats_default odpm_config_file:file r_file_perms; +allow hal_power_stats_default sysfs_odpm:dir search; allow hal_power_stats_default sysfs_odpm:file rw_file_perms; + +binder_call(hal_power_stats_default, citadeld) +r_dir_file(hal_power_stats_default, sysfs_aoc) +r_dir_file(hal_power_stats_default, sysfs_leds) +r_dir_file(hal_power_stats_default, sysfs_acpm_stats) +r_dir_file(hal_power_stats_default, sysfs_wifi) +r_dir_file(hal_power_stats_default, sysfs_backlight)
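Review bot: Each ODPM attribute is labelled by a full path that hard-codes the I2C bus number and the IIO index (`i2c-6/6-001f/…/iio:device0`, `i2c-7/7-002f/…/iio:device1`, alongside the `i2c-7`/`i2c-8` variants), so a node that enumerates under any other number keeps the default `sysfs` label and the HAL loses access with no error at policy build time. IIO indices follow registration order, so it is worth confirming they are stable on every board this policy ships on. Only leaf files are labelled, so no directory receives `sysfs_odpm` from this hunk, and the `sysfs_odpm:dir search` rule added in hal_power_stats_default.te appears to have nothing to match unless a directory is labelled elsewhere. I would add a comment above each group naming what it covers, e.g. `# ODPM on <board revision>: s2mpg10 on i2c-6, s2mpg11 on i2c-7`; if the parent directories are labelled instead, re-check that the existing `rw_file_perms` grant on `sysfs_odpm` is acceptable for every attribute beneath them.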
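Review bot: The `binder_call` to citadeld and the five `r_dir_file` grants carry no comment, while the bug IDs that justified them are deleted from tracking_denials in this same commit and the commit message quotes denials for `sysfs_aoc` only. Keep the trail next to the rules: `# b/171760721` above the citadeld line, `# b/180963514` above `sysfs_aoc`, `# b/176777337, b/176868314` above `sysfs_leds`, `# b/181915165` above `sysfs_acpm_stats` and `sysfs_wifi`, and `# b/179093124` above `sysfs_backlight`. `binder_call` is also wider than the tracked `citadeld:binder { call }` denial, since the macro adds `transfer` and fd use on the reply path; a one-line comment saying what the power-stats HAL requests from citadeld would make that grant reviewable. The quoted denials were captured with `permissive=1`, so a boot in enforcing mode is worth running to confirm the set of grants is complete and none is unused.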