Merge "Fix selinux permissions errors for UwbService" into sc-dev
This commit is contained in:
Mat Bevilacqua
Android (Google) Code Review
commit
b58243632d
7 changed files with 12 additions and 1 deletions
|
|
@ -3,5 +3,4 @@ dontaudit kernel kernel:perf_event { cpu };
|
||||||
dontaudit kernel kernel:perf_event { cpu };
|
dontaudit kernel kernel:perf_event { cpu };
|
||||||
userdebug_or_eng(`
|
userdebug_or_eng(`
|
||||||
permissive kernel;
|
permissive kernel;
|
||||||
permissive hal_uwb_default;
|
|
||||||
')
|
')
|
||||||
|
|
|
||||||
3
whitechapel/vendor/google/gmscore_app.te
vendored
Normal file
3
whitechapel/vendor/google/gmscore_app.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Allow gmscore to use UwbService APIs
|
||||||
|
# TODO (b/183904955): remove
|
||||||
|
allow gmscore_app uwb_service:service_manager find;
|
||||||
2
whitechapel/vendor/google/hal_uwb_default.te
vendored
2
whitechapel/vendor/google/hal_uwb_default.te
vendored
|
|
@ -1,3 +1,5 @@
|
||||||
type hal_uwb_default, domain;
|
type hal_uwb_default, domain;
|
||||||
type hal_uwb_default_exec, vendor_file_type, exec_type, file_type;
|
type hal_uwb_default_exec, vendor_file_type, exec_type, file_type;
|
||||||
init_daemon_domain(hal_uwb_default)
|
init_daemon_domain(hal_uwb_default)
|
||||||
|
|
||||||
|
add_service(hal_uwb_default, hal_uwb_service)
|
||||||
|
|
|
||||||
1
whitechapel/vendor/google/service.te
vendored
1
whitechapel/vendor/google/service.te
vendored
|
|
@ -1,3 +1,4 @@
|
||||||
type hal_pixel_display_service, service_manager_type, vendor_service;
|
type hal_pixel_display_service, service_manager_type, vendor_service;
|
||||||
type uwb_service, service_manager_type;
|
type uwb_service, service_manager_type;
|
||||||
type touch_context_service, service_manager_type, vendor_service;
|
type touch_context_service, service_manager_type, vendor_service;
|
||||||
|
type hal_uwb_service, service_manager_type, vendor_service;
|
||||||
|
|
|
||||||
1
whitechapel/vendor/google/service_contexts
vendored
1
whitechapel/vendor/google/service_contexts
vendored
|
|
@ -3,3 +3,4 @@ com.google.edgetpu.IEdgeTpuService/default u:object_r:edgetpu_se
|
||||||
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
|
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
|
||||||
com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
|
com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
|
||||||
uwb u:object_r:uwb_service:s0
|
uwb u:object_r:uwb_service:s0
|
||||||
|
hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_service:s0
|
||||||
|
|
|
||||||
|
|
@ -8,3 +8,7 @@ allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map }
|
||||||
# Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
|
# Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
|
||||||
# for secure video playback
|
# for secure video playback
|
||||||
allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
|
allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
|
||||||
|
|
||||||
|
# Allows cts tests to test for UwbService presence
|
||||||
|
# TODO (b/183904955): remove
|
||||||
|
allow untrusted_app_all uwb_service:service_manager find;
|
||||||
|
|
|
||||||
1
whitechapel/vendor/google/uwb_service.te
vendored
Normal file
1
whitechapel/vendor/google/uwb_service.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
allow uwb_service hal_uwb_service:service_manager find;
|
||||||
Loading…
Add table
Add a link
Reference in a new issue