From c14f02da5de8fbcd3a9971f95f33b048bb100b63 Mon Sep 17 00:00:00 2001 From: Kris Chen Date: Wed, 7 Apr 2021 20:08:32 +0800 Subject: [PATCH] Allow fingerprint hal to access dmabuf_system_heap_device Fixes the following avc denial: android.hardwar: type=1400 audit(0.0:1207): avc: denied { read } for name="system" dev="tmpfs" ino=689 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0 Bug: 171791180 Bug: 184034094 Test: Enroll and authenticate fingerprints. Change-Id: Ie86143ac2484d8909b1070829ff20cf02572f17d --- whitechapel/vendor/google/hal_fingerprint_default.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te index da7748f3..4c248981 100644 --- a/whitechapel/vendor/google/hal_fingerprint_default.te +++ b/whitechapel/vendor/google/hal_fingerprint_default.te @@ -3,5 +3,6 @@ allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default sysfs_batteryinfo:file r_file_perms; allow hal_fingerprint_default sysfs_batteryinfo:dir search; allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; +allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms; get_prop(hal_fingerprint_default, fingerprint_ghbm_prop) add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)