From 0e68aed1541379b3df41616d17892c6895f77a09 Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Fri, 7 May 2021 13:14:25 +0800 Subject: [PATCH 1/2] Allow dumpstate to access twoshay Bug: 173330981 Bug: 187014717 Test: no avc denials for twoshay was found. Signed-off-by: Tai Kuo Change-Id: Idcf38e0921fb4d6d617e7cd443425193aea3fe91 --- whitechapel/vendor/google/hal_dumpstate_default.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 457335ac..97a419ce 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -54,6 +54,9 @@ allow hal_dumpstate_default sysfs_thermal:dir r_dir_perms; allow hal_dumpstate_default sysfs_thermal:file r_file_perms; allow hal_dumpstate_default sysfs_thermal:lnk_file read; +allow hal_dumpstate_default touch_context_service:service_manager find; +binder_call(hal_dumpstate_default, twoshay) + # Modem logs allow hal_dumpstate_default modem_efs_file:dir search; allow hal_dumpstate_default modem_efs_file:file r_file_perms; From 8e3aaa30ff3e15da6e2d10fb4ef42ac338ce5302 Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Fri, 7 May 2021 14:24:52 +0800 Subject: [PATCH 2/2] Remove dumpstate AVC denials dontaudit for twoshay Bug: 187014717 Test: pts-tradefed run pts -m PtsSELinuxTest -t \ com.google.android.selinux.pts.SELinuxTest#scanBugreport Signed-off-by: Tai Kuo Change-Id: Ic697ffe8f6ee15fb9d9330173a3c92aeca61de67 --- tracking_denials/dumpstate.te | 2 -- 1 file changed, 2 deletions(-) diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te index 05b010e0..ffb8518c 100644 --- a/tracking_denials/dumpstate.te +++ b/tracking_denials/dumpstate.te @@ -1,4 +1,2 @@ # b/185723618 dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find }; -# b/187014717 -dontaudit dumpstate twoshay:binder call;