hal_power_stats_default: Fix avc denials
[ 351.298850] type=1400 audit(1614041245.976:13): avc: denied { read } for comm="android.hardwar" name="hf1_wfi" dev="sysfs" ino=78155 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
[ 698.658433] type=1400 audit(1614041593.336:1733): avc: denied { open } for comm="stats@1.0-servi" path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
02-23 08:53:13.336 673 673 I stats@1.0-servi: type=1400 audit(0.0:1734): avc: denied { getattr } for path="/sys/devices/platform/19000000.aoc/control/monitor_mode" dev="sysfs" ino=78158 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
02-23 08:52:26.228 670 670 I android.hardwar: type=1400 audit(0.0:724): avc: denied { search } for name="19000000.aoc" dev="sysfs" ino=18343 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=1
Bug: 180963514
Test: Verify pass by checking device log are w/o above errors after
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Iab245b320c1f6e75407f1fafb5ad20a087b1a707
This commit is contained in:
Jack Wu
parent
e265637395
commit
a3678d9487
3 changed files with 23 additions and 56 deletions
|
|
@ -1,7 +1,6 @@
|
|||
# b/171760721
|
||||
dontaudit hal_power_stats_default sysfs:file { read };
|
||||
dontaudit hal_power_stats_default sysfs:file { getattr };
|
||||
dontaudit hal_power_stats_default citadeld:binder { call };
|
||||
dontaudit hal_power_stats_default sysfs:file { read };
|
||||
dontaudit hal_power_stats_default sysfs:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs:file { open };
|
||||
|
|
@ -11,58 +10,3 @@ dontaudit hal_power_stats_default sysfs:dir { open };
|
|||
dontaudit hal_power_stats_default sysfs:file { read };
|
||||
dontaudit hal_power_stats_default sysfs:file { open };
|
||||
dontaudit hal_power_stats_default sysfs:file { open };
|
||||
# b/176777337
|
||||
dontaudit hal_power_stats_default sysfs_leds:dir search ;
|
||||
dontaudit hal_power_stats_default sysfs_leds:file open ;
|
||||
dontaudit hal_power_stats_default sysfs_leds:dir search ;
|
||||
dontaudit hal_power_stats_default sysfs_leds:file read ;
|
||||
dontaudit hal_power_stats_default sysfs_leds:file open ;
|
||||
# b/176868314
|
||||
dontaudit hal_power_stats_default sysfs_leds:file read ;
|
||||
dontaudit hal_power_stats_default sysfs_leds:file open ;
|
||||
dontaudit hal_power_stats_default sysfs_leds:dir search ;
|
||||
# b/179093124
|
||||
dontaudit hal_power_stats_default sysfs_backlight:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_backlight:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_backlight:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_backlight:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_backlight:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_backlight:file { read };
|
||||
# b/180963514
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_aoc:file { read };
|
||||
# b/181915165
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { getattr };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { open };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
|
||||
dontaudit hal_power_stats_default sysfs_acpm_stats:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:dir { search };
|
||||
dontaudit hal_power_stats_default sysfs_wifi:file { read };
|
||||
|
|
|
|||
15
whitechapel/vendor/google/genfs_contexts
vendored
15
whitechapel/vendor/google/genfs_contexts
vendored
|
|
@ -107,7 +107,22 @@ genfscon proc /bluetooth/sleep/btwrite
|
|||
genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0
|
||||
|
||||
# ODPM
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-7/7-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0
|
||||
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-7/7-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/name u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0
|
||||
genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-8/8-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0
|
||||
|
||||
# Chosen
|
||||
|
|
|
|||
|
|
@ -6,4 +6,12 @@ binder_call(hal_power_stats_default, hal_bluetooth_btlinux)
|
|||
|
||||
allow hal_power_stats_default odpm_config_file:dir search;
|
||||
allow hal_power_stats_default odpm_config_file:file r_file_perms;
|
||||
allow hal_power_stats_default sysfs_odpm:dir search;
|
||||
allow hal_power_stats_default sysfs_odpm:file rw_file_perms;
|
||||
|
||||
binder_call(hal_power_stats_default, citadeld)
|
||||
r_dir_file(hal_power_stats_default, sysfs_aoc)
|
||||
r_dir_file(hal_power_stats_default, sysfs_leds)
|
||||
r_dir_file(hal_power_stats_default, sysfs_acpm_stats)
|
||||
r_dir_file(hal_power_stats_default, sysfs_wifi)
|
||||
r_dir_file(hal_power_stats_default, sysfs_backlight)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue