From b67138e8ae79fa4b8ad1283bae54d843fd6965cc Mon Sep 17 00:00:00 2001 
From: Jack Wu Date: Wed, 9 Feb 2022 17:40:10 +0800 Subject: [PATCH] sepolicy: gs101: fix charger_vendor permission denied [ 27.025458][ T443] type=1400 audit(1644391560.640:11): avc: denied { search } for comm="android.hardwar" name="vendor" dev="tmpfs" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0 [ 26.563658][ T447] type=1400 audit(1644397622.588:5): avc: denied { search } for comm="android.hardwar" name="/" dev="sda1" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0 [ 27.198144][ T442] type=1400 audit(1644398156.152:5): avc: denied { search } for comm="android.hardwar" name="battery" dev="sda1" ino=12 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=dir permissive=0 [ 27.327035][ T443] type=1400 audit(1644398785.276:5): avc: denied { read } for comm="android.hardwar" name="defender_active_time" dev="sda1" ino=17 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0 [ 27.355009][ T443] type=1400 audit(1644398785.276:6): avc: denied { write } for comm="android.hardwar" name="defender_charger_time" dev="sda1" ino=16 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=file permissive=0 [ 26.771705][ T444] type=1400 audit(1644379988.804:4): avc: denied { read } for comm="android.hardwar" name="specification_version" dev="sysfs" ino=56257 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 [ 27.898684][ T445] type=1400 audit(1644392754.928:8): avc: denied { read } for comm="android.hardwar" name="thermal_zone6" dev="sysfs" ino=15901 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0 [ 29.180076][ T447] type=1400 audit(1644397625.200:9): avc: denied { write } for comm="android.hardwar" name="mode" dev="sysfs" ino=15915 scontext=u:r:charger_vendor:s0 
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0 [ 27.043845][ T444] type=1400 audit(1644379988.808:9): avc: denied { search } for comm="android.hardwar" name="thermal" dev="tmpfs" ino=899 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0 [ 27.064916][ T444] type=1400 audit(1644379988.808:10): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_battery_defender_prop:s0" dev="tmpfs" ino=306 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=file permissive=0 [ 27.356266][ T444] type=1107 audit(1644404450.376:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.state pid=457 uid=1000 gid=1000 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=0' Bug: 218485039 Test: manually test, no avc: denied Signed-off-by: Jack Wu Change-Id: I091dbbca35fb833e59fdbc234d74b90bfe74014c Merged-In: I091dbbca35fb833e59fdbc234d74b90bfe74014c
---
whitechapel/vendor/google/charger_vendor.te | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 whitechapel/vendor/google/charger_vendor.te
diff --git a/whitechapel/vendor/google/charger_vendor.te b/whitechapel/vendor/google/charger_vendor.te
new file mode 100644
index 00000000..7b914da1
--- /dev/null
+++ b/whitechapel/vendor/google/charger_vendor.te
@@ -0,0 +1,9 @@
+allow charger_vendor mnt_vendor_file:dir search;
+allow charger_vendor persist_file:dir search;
+allow charger_vendor persist_battery_file:dir search;
+allow charger_vendor persist_battery_file:file rw_file_perms;
+allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
+allow charger_vendor sysfs_thermal:file w_file_perms;
+allow charger_vendor sysfs_thermal:lnk_file read;
+allow charger_vendor thermal_link_device:dir search;
+set_prop(charger_vendor, vendor_battery_defender_prop)
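Review bot: The rule `allow charger_vendor sysfs_thermal:file w_file_perms;` grants write on every file labelled sysfs_thermal, while the only write denial quoted in the commit message is on the node named `mode`. If that is the only node the charger-mode process writes, the new file should at least record it in a comment above the rule, for example `# charger mode writes the thermal zone "mode" node only (Bug: 218485039)`, so a later audit can tell the breadth was accepted knowingly; whether a narrower label for that node is feasible cannot be judged from this hunk. The same applies to `allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;`, where the logged access is a single read of `specification_version`. The file has no comments at all, so one-line headers grouping the persist/battery-defender rules and the thermal rules would make the least-privilege intent reviewable without going back to the avc log.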