From b8aebc85e17d38e3d1293ae3c80041832efd3ba3 Mon Sep 17 00:00:00 2001 
From: Ocean Chen Date: Mon, 24 May 2021 14:57:33 +0800 Subject: [PATCH] storage: update sepolicy for hardwareinfoservice avc: denied { search } for name="0:0:0:0" dev="sysfs" ino=57525 scontext=u:r:hardware_info_app:s0:c512,c768 avc: denied { search } for name="health_descriptor" dev="sysfs" ino=57017 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0 app=com.google.android.hardwareinfo avc: denied { search } for name="health_descriptor" dev="sysfs" ino=57017 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="vpd_pg80" dev="sysfs" ino=57559 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="model" dev="sysfs" ino=57534 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="vendor" dev="sysfs" ino=57533 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="rev" dev="sysfs" ino=57535 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="eol_info" dev="sysfs" ino=57020 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo avc: denied { read } for name="life_time_estimation_a" dev="sysfs" ino=57021 scontext=u:r:hardware_info_app:s0:c512,c768 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0 app=com.google.android.hardwareinfo Bug: 188755652 Test: 
reboot then check hardwareinfo and avc denined log
Change-Id: Ia03ebdd6b0b46b4c9ace5fbf1fc47a455a55abcb
---
tracking_denials/hardware_info_app.te | 4 ----
whitechapel/vendor/google/hardware_info_app.te | 4 ++++
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tracking_denials/hardware_info_app.te b/tracking_denials/hardware_info_app.te
index 810cb701..8e02952f 100644
--- a/tracking_denials/hardware_info_app.te
+++ b/tracking_denials/hardware_info_app.te
@@ -1,12 +1,8 @@
 # b/181177926
-dontaudit hardware_info_app sysfs_scsi_devices_0000:file { getattr };
-dontaudit hardware_info_app sysfs_scsi_devices_0000:file { open };
 dontaudit hardware_info_app sysfs_batteryinfo:file { read };
 dontaudit hardware_info_app sysfs:file { read };
 dontaudit hardware_info_app sysfs:file { open };
 dontaudit hardware_info_app sysfs:file { getattr };
-dontaudit hardware_info_app sysfs_scsi_devices_0000:dir { search };
-dontaudit hardware_info_app sysfs_scsi_devices_0000:file { read };
 dontaudit hardware_info_app sysfs_batteryinfo:dir { search };
 # b/181914888
 dontaudit hardware_info_app sysfs_batteryinfo:file { open };
diff --git a/whitechapel/vendor/google/hardware_info_app.te b/whitechapel/vendor/google/hardware_info_app.te
index b94d1138..90ed9a60 100644
--- a/whitechapel/vendor/google/hardware_info_app.te
+++ b/whitechapel/vendor/google/hardware_info_app.te
@@ -11,3 +11,7 @@ allow hardware_info_app sysfs_display:file r_file_perms;
 # Audio
 allow hardware_info_app sysfs_pixelstats:dir search;
 allow hardware_info_app sysfs_pixelstats:file r_file_perms;
+
+# Storage
+allow hardware_info_app sysfs_scsi_devices_0000:dir search;
+allow hardware_info_app sysfs_scsi_devices_0000:file r_file_perms;
\ No newline at end of file
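Review bot: The added `allow hardware_info_app sysfs_scsi_devices_0000:file r_file_perms;` in whitechapel/vendor/google/hardware_info_app.te grants read on every sysfs node carrying that label, while the denials quoted in the commit message name only a handful of attributes (`model`, `vendor`, `rev`, `vpd_pg80`, `eol_info`, `life_time_estimation_a`). `vpd_pg80` is the SCSI unit-serial-number page, so an app domain gains a stable hardware identifier. If that is intended, the `# Storage` comment should say so and carry the bug, e.g. `# Storage: UFS health and identity attributes read by HardwareInfo (b/188755652)`. If only the health attributes are needed, a narrower label for those nodes would keep the serial number out of reach; the labelling lives outside this hunk, so treat this as something to check rather than a confirmed gap. The file also now ends without a trailing newline.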