From a23d1bb37bac9396469dfe7e7b93626c5cfb863c Mon Sep 17 00:00:00 2001
From: Kris Chen
Date: Wed, 23 Jun 2021 16:19:00 +0800
Subject: [PATCH] Allow fingerprint hal to read sysfs_chosen

Fixes the following avc denial:
android.hardwar: type=1400 audit(0.0:49): avc: denied { search } for name="chosen" dev="sysfs" ino=9575 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_chosen:s0 tclass=dir permissive=1
android.hardwar: type=1400 audit(0.0:50): avc: denied { read } for name="platform" dev="sysfs" ino=9591 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_chosen:s0 tclass=file permissive=1
android.hardwar: type=1400 audit(0.0:51): avc: denied { open } for path="/sys/firmware/devicetree/base/chosen/plat/platform" dev="sysfs" ino=9591 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_chosen:s0 tclass=file permissive=1
Bug: 191832617
Test: Enroll and authenticate fingerprints.
Change-Id: I5c576cc210d9e85b1999655bdc27736183db8aed
---
 whitechapel/vendor/google/hal_fingerprint_default.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te
index 755ab473..a7f769bf 100644
--- a/whitechapel/vendor/google/hal_fingerprint_default.te
+++ b/whitechapel/vendor/google/hal_fingerprint_default.te
@@ -15,3 +15,6 @@ add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
 
 # allow fingerprint to access power hal
 hal_client_domain(hal_fingerprint_default, hal_power);
+
+# Allow access to the files of CDT information.
+r_dir_file(hal_fingerprint_default, sysfs_chosen)
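Review bot: The added `r_dir_file(hal_fingerprint_default, sysfs_chosen)` grants more than the three denials in the commit message call for. The macro gives the fingerprint HAL directory read/list access plus read access to every file and symlink labelled `sysfs_chosen`, while the logged accesses are only `search` on the `chosen` directory and `read`/`open` on `plat/platform`. If that one node is all the HAL needs, explicit rules such as `allow hal_fingerprint_default sysfs_chosen:dir search;` and `allow hal_fingerprint_default sysfs_chosen:file r_file_perms;` drop the directory-listing and symlink access. Which other nodes under `chosen` carry this label is not visible in the hunk, so it is worth checking the labelling before exposing them to a domain that handles biometric data; a dedicated label for the `plat` node would be the tightest option. The comment would also be clearer if it spelled out "CDT" and named the path, e.g. `# Read /sys/firmware/devicetree/base/chosen/plat/platform (CDT platform info).`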