From b71d24d62c578494fa381acbe63e3a51fca75811 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?= Date: Tue, 10 May 2022 05:12:05 +0000 Subject: [PATCH] gs101: Add dontaudit statements to camera HAL policy. The autogenerated dontaudit statements in tracking_denials are actually the correct policy. Move them to the correct file and add comments. Fix: 178980085 Fix: 180567725 Test: build & camera check on raven Change-Id: I3f3a1f64d403182d4f592f1cacc6ef8d1418062d --- tracking_denials/hal_camera_default.te | 5 ----- whitechapel/vendor/google/hal_camera_default.te | 8 ++++++++ 2 files changed, 8 insertions(+), 5 deletions(-) delete mode 100644 tracking_denials/hal_camera_default.te diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te deleted file mode 100644 index 6ab5a51c..00000000 --- a/tracking_denials/hal_camera_default.te +++ /dev/null @@ -1,5 +0,0 @@ -# b/178980085 -dontaudit hal_camera_default system_data_file:dir { search }; -# b/180567725 -dontaudit hal_camera_default traced:unix_stream_socket { connectto }; -dontaudit hal_camera_default traced_producer_socket:sock_file { write }; diff --git a/whitechapel/vendor/google/hal_camera_default.te b/whitechapel/vendor/google/hal_camera_default.te index 440b503c..2e36e4a8 100644 --- a/whitechapel/vendor/google/hal_camera_default.te +++ b/whitechapel/vendor/google/hal_camera_default.te @@ -96,3 +96,11 @@ allow hal_camera_default proc_interrupts:file r_file_perms; # Allow camera HAL to send trace packets to Perfetto userdebug_or_eng(`perfetto_producer(hal_camera_default)') + +# Some file searches attempt to access system data and are denied. +# This is benign and can be ignored. +dontaudit hal_camera_default system_data_file:dir { search }; + +# google3 prebuilts attempt to connect to the wrong trace socket, ignore them. +dontaudit hal_camera_default traced:unix_stream_socket { connectto }; +dontaudit hal_camera_default traced_producer_socket:sock_file { write }; \ No newline at end of file