sepolicy: add sensor related rules for AIDL APIs

SELinux : avc: denied { find } for pid=703 uid=1000name=android.frameworks.stats.IStats/default scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1 android.hardwar: type=1400 audit(0.0:24): avc: denied { transfer } for scontext=u:r:hal_sensors_default:s0 tcontext=u:r:servicemanager:s0 tclass=binder permissive=1 Bug: 182086688 Test: make selinux_policy -j128 and push to device. Test: avc denials are disappeared in boot log. Change-Id: I13e658c1cef3bd24ae25cc1c22dd9336b4e45b0f
2021-03-08 13:59:03 +08:00 · 2021-03-08 13:59:03 +08:00 · 94095e1fd3
commit 94095e1fd3
parent 433719c74f
1 changed files with 4 additions and 0 deletions
--- a/whitechapel/vendor/google/hal_sensors_default.te
+++ b/whitechapel/vendor/google/hal_sensors_default.te
@ -17,3 +17,7 @@ allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;

 # Allow access to the sysfs_aoc.
 allow hal_sensors_default sysfs_aoc:dir search;
+
+# Allow SensorSuez to connect AIDL stats.
+binder_use(hal_sensors_default);
+allow hal_sensors_default fwk_stats_service:service_manager find;