Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Let debugfs be accessed only for non-user builds

Browse source 
Since production devices(with user builds) must not mount debugfs,
provide dumpstate HAL permission to access debugfs only in userdebug/eng
builds.

Also, delete dumpstate domain's access to
vendor_dmabuf_debugfs(/d/dma_buf/bufinfo) since dumpstate now obtains
the same information from /sys/kernel/dmabuf.

Test: build
Bug: 186500818
Change-Id: I17007d495fba6332bbf17dc7d030e5c6e4d5248b
This commit is contained in:
Hridya Valsaraju 2021-05-10 15:38:15 -07:00
parent 9e6528da08
commit 70551d2bc9
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
whitechapel/vendor/google/dumpstate.te vendored
View file

@ -2,7 +2,6 @@ dump_hal(hal_telephony)
dump_hal(hal_graphics_composer) dump_hal(hal_graphics_composer)
userdebug_or_eng(` userdebug_or_eng(`
allow dumpstate vendor_dmabuf_debugfs:file r_file_perms;
allow dumpstate media_rw_data_file:file append; allow dumpstate media_rw_data_file:file append;
') ')

5
whitechapel/vendor/google/hal_dumpstate_default.te vendored
View file

@ -77,8 +77,6 @@ allow hal_dumpstate_default sysfs_chip_id:file r_file_perms;
allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans; allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans;
allow hal_dumpstate_default debugfs_f2fs:dir r_dir_perms;
allow hal_dumpstate_default debugfs_f2fs:file r_file_perms;
allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms; allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms;
allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms; allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms;
@ -131,6 +129,9 @@ userdebug_or_eng(`
allow hal_dumpstate_default sysfs_bcl:lnk_file read; allow hal_dumpstate_default sysfs_bcl:lnk_file read;
allow hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms; allow hal_dumpstate_default tcpdump_vendor_data_file:dir create_dir_perms;
allow hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms; allow hal_dumpstate_default tcpdump_vendor_data_file:file create_file_perms;
allow hal_dumpstate_default debugfs_f2fs:dir r_dir_perms;
allow hal_dumpstate_default debugfs_f2fs:file r_file_perms;
set_prop(hal_dumpstate_default, vendor_tcpdump_log_prop) set_prop(hal_dumpstate_default, vendor_tcpdump_log_prop)
') ')