Fix avc denied for Silent Logging am: 204dc05aa4

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14182163

Change-Id: I32b6542ade23e244d4758e88d8d2f2faa10bfdcb
Aaron Tsai 2021-04-14 12:42:13 +00:00 committed by Automerger Merge Worker
commit 9c8ec42d54
4 changed files with 17 additions and 6 deletions


@ -1,4 +0,0 @@
# b/171760846
dontaudit sced hidl_base_hwservice:hwservice_manager { add };
dontaudit sced hal_vendor_oem_hwservice:hwservice_manager { add };
dontaudit sced hal_vendor_oem_hwservice:hwservice_manager { find };


@ -25,7 +25,8 @@ get_prop(dmd, vendor_persist_config_default_prop)
# Grant to access hwservice manager
get_prop(dmd, hwservicemanager_prop)
add_hwservice(dmd, hal_vendor_oem_hwservice)
allow dmd hidl_base_hwservice:hwservice_manager add;
allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
binder_call(dmd, hwservicemanager)
binder_call(dmd, modem_diagnostic_app)
binder_call(dmd, modem_logging_control)
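Review bot: The exclusivity check on `hal_vendor_oem_hwservice` registration appears to be lost here: the two raw `allow dmd ...:hwservice_manager` lines grant what `add_hwservice(dmd, hal_vendor_oem_hwservice)` grants, but without the `neverallow { domain -$1 } $2:hwservice_manager add;` that the macro also emits. The page does not mark which lines are old and which are new, so whether the macro is removed is inferred from the -25,7 +25,8 counts; if the macro stays, the two allow lines merely duplicate it. If it is dropped so that sced can register under the same type, keep an explicit neverallow on `hal_vendor_oem_hwservice:hwservice_manager add` that exempts only dmd, plus sced behind a userdebug_or_eng guard. A one-line comment above the rules should say why the macro is not used, e.g. `# add_hwservice() not used: sced also registers this type on userdebug/eng`.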


@ -2,9 +2,22 @@ type sced, domain;
type sced_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(sced)
typeattribute sced vendor_executes_system_violators;
userdebug_or_eng(`
hwbinder_use(sced)
binder_call(sced, dmd)
binder_call(sced, vendor_telephony_app)
get_prop(sced, hwservicemanager_prop)
')
allow sced self:packet_socket create_socket_perms_no_ioctl;
allow sced self:capability net_raw;
allow sced shell_exec:file rx_file_perms;
allow sced tcpdump_exec:file rx_file_perms;
allow sced vendor_shell_exec:file x_file_perms;
allow sced vendor_slog_file:dir create_dir_perms;
allow sced vendor_slog_file:file create_file_perms;
allow sced hidl_base_hwservice:hwservice_manager add;
allow sced hal_vendor_oem_hwservice:hwservice_manager { add find };
')
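Review bot: sced is allowed to `add` under `hal_vendor_oem_hwservice`, the same hwservice type that dmd registers, so policy cannot restrict a client holding `find` on that type (vendor_telephony_app, per its section on this page) to only one of the two servers. This domain also holds `net_raw`, packet sockets and exec of shell and tcpdump, so a dedicated hwservice type for sced's interface would keep the grant narrow. If sharing the type is intended, state that above the two rules, e.g. `# sced registers its HIDL interface under the shared OEM hwservice type (userdebug/eng only)`. The section removed earlier in this commit dropped the `# b/171760846` dontaudit rules for these same permissions, so that bug reference is worth carrying over as a comment here. With the +/- markers lost and two `')` lines rendered, the page does not confirm which rules end up inside `userdebug_or_eng`.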


@ -16,3 +16,4 @@ allow vendor_telephony_app vendor_slog_file:file create_file_perms;
allow vendor_telephony_app app_api_service:service_manager find;
allow vendor_telephony_app hal_vendor_oem_hwservice:hwservice_manager find;
binder_call(vendor_telephony_app, dmd)
binder_call(vendor_telephony_app, sced)
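Review bot: `binder_call(vendor_telephony_app, sced)` is granted on every build type, while the sced side (`hwbinder_use(sced)`, `binder_call(sced, vendor_telephony_app)`) is rendered inside `userdebug_or_eng` in the sced section on this page. Placing this line inside a `userdebug_or_eng` block as well keeps user builds from carrying a call/transfer permission towards a debug-only logging daemon. Which of the four lines is new is not marked; the -16,3 +16,4 counts leave a single addition, presumably this last line.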