Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sepolicy: gs101: allows pixelstat to access audio metrics nodes

Browse source 
audio.service: type=1400 audit(0.0:30): avc: denied { read write } for name="amcs" dev="tmpfs" ino=739 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:amcs_device:s0 tclass=chr_file permissive=0

pixelstats-vend: type=1400 audit(0.0:9): avc: denied { read } for name="speaker_impedance" dev="sysfs" ino=67611 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

HwBinder:696_2: type=1400 audit(0.0:8): avc: denied { open } for path="/dev/amcs" dev="tmpfs" ino=766 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:amcs_device:s0 tclass=chr_file permissive=0

Bug: 171854614
Test: manually test, no avc: denied.
Change-Id: I82ebd22f167200ab3cf59e6525ef43c0be8f722a
This commit is contained in:
Roger Fang 2021-04-21 05:36:42 +00:00
parent d60ae7dfed
commit 66634d4d20
6 changed files with 22 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
whitechapel/vendor/google/device.te vendored
View file

@ -56,3 +56,7 @@ type aoc_device, dev_type;
# Fingerprint device
type fingerprint_device, dev_type;
# AMCS device
type amcs_device, dev_type;

3
whitechapel/vendor/google/file.te vendored
View file

@ -197,3 +197,6 @@ type sysfs_lhbm, sysfs_type, fs_type, mlstrustedobject;
# UWB vendor
type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
# PixelStats_vendor
type sysfs_pixelstats, fs_type, sysfs_type;

1
whitechapel/vendor/google/file_contexts vendored
View file

@ -315,6 +315,7 @@
/dev/acd-debug u:object_r:aoc_device:s0
/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0
/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0
/dev/amcs u:object_r:amcs_device:s0
# Trusty
/vendor/bin/securedpud.slider u:object_r:securedpud_slider_exec:s0

9
whitechapel/vendor/google/genfs_contexts vendored
View file

@ -285,3 +285,12 @@ genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count
# mediacodec
genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_video:s0
# pixelstat_vendor
genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/hs_codec_state u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_impedance u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_excursion u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_heartbeat u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_r:sysfs_pixelstats:s0

4
whitechapel/vendor/google/hal_audio_default.te vendored
View file

@ -14,6 +14,10 @@ allow hal_audio_default aoc_device:chr_file rw_file_perms;
allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
allow hal_audio_default amcs_device:file rw_file_perms;
allow hal_audio_default amcs_device:chr_file rw_file_perms;
allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
#allow access to DMABUF Heaps for AAudio API
allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;

1
whitechapel/vendor/google/pixelstats_vendor.te vendored
View file

@ -14,3 +14,4 @@ binder_use(pixelstats_vendor);
allow pixelstats_vendor fwk_stats_service:service_manager find;
allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
allow pixelstats_vendor sysfs_pixelstats:file r_file_perms;