From 5019452cbba5567f864b170155257a7890731fe6 Mon Sep 17 00:00:00 2001 From: Lopy Cheng Date: Wed, 10 Mar 2021 20:07:06 +0800 Subject: [PATCH] HardwareInfo: Add sepolicy for display hardwareinfo: type=1400 audit(0.0:17): avc: denied { read } for name="serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo hardwareinfo: type=1400 audit(0.0:18): avc: denied { open } for path="/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo hardwareinfo: type=1400 audit(0.0:19): avc: denied { getattr } for path="/sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number" dev="sysfs" ino=68309 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_display:s0 tclass=file permissive=1 app=com.google.android.hardwareinfo Bug: 161943795 Test: 1. Remove hardwareinfo app rm -r /data/data/com.google.android.hardwareinfo/ 2. Connect wifi and reboot 3. Check the HardwareInfoService status. 4. There is no AVC denied log. Change-Id: I4d1c83a1c5b0f2f3bdd64ab79ab45fb69470b25b --- whitechapel/vendor/google/hardware_info_app.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/hardware_info_app.te b/whitechapel/vendor/google/hardware_info_app.te index b8774183..c5bfb879 100644 --- a/whitechapel/vendor/google/hardware_info_app.te +++ b/whitechapel/vendor/google/hardware_info_app.te @@ -3,3 +3,7 @@ type hardware_info_app, domain; app_domain(hardware_info_app) allow hardware_info_app app_api_service:service_manager find; + +# Display +allow hardware_info_app sysfs_display:dir search; +allow hardware_info_app sysfs_display:file r_file_perms;
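Review bot: The second added rule, `allow hardware_info_app sysfs_display:file r_file_perms;`, lets the app domain read every sysfs node labelled `sysfs_display`, while the denials quoted in the commit message concern only the `serial_number` file. To keep the grant at least privilege, that node could get its own type (declared alongside the other sysfs types and assigned in genfs_contexts, e.g. `genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:<SERIAL_TYPE_PLACEHOLDER>:s0`), with the rule narrowed to `allow hardware_info_app <SERIAL_TYPE_PLACEHOLDER>:file r_file_perms;`. The `sysfs_display:dir search` rule would presumably still be needed to traverse the parent directories if they keep the `sysfs_display` label. The `# Display` comment could also name what is being read and why, for example `# Display panel serial_number, read by HardwareInfoService (b/161943795)`, so the grant stays auditable.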