From 279437055748330fc2d89107be06cbec67e6a4be Mon Sep 17 00:00:00 2001 From: Jack Wu Date: Thu, 27 May 2021 00:04:14 +0800 Subject: [PATCH] sepolicy: gs101: allows pixelstat to access wlc file nodes 05-31 11:14:57.280 1000 3126 3126 W pixelstats-vend: type=1400 audit(0.0:162): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=60862 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=0 05-31 11:14:57.280 1000 3126 3126 W pixelstats-vend: type=1400 audit(0.0:163): avc: denied { search } for name="i2c-p9412" dev="sysfs" ino=60862 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=0 05-31 13:12:23.940 1000 2838 2838 W pixelstats-vend: type=1400 audit(0.0:182): avc: denied { read } for name="charge_stats" dev="sysfs" ino=73276 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 05-31 15:02:02.215 1000 13169 13169 W pixelstats-vend: type=1400 audit(0.0:166): avc: denied { write } for name="charge_stats" dev="sysfs" ino=73483 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 05-31 15:02:02.215 1000 13169 13169 W pixelstats-vend: type=1400 audit(0.0:167): avc: denied { write } for name="charge_stats" dev="sysfs" ino=73483 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 Bug: 176195960 Test: manually test, no avc: denied Signed-off-by: Jack Wu Change-Id: I0af03dd8099e246c5f94e8e8530d7b2bcf50ff95 --- whitechapel/vendor/google/pixelstats_vendor.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index ba063193..68e59120 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te @@ -15,3 +15,6 @@ allow pixelstats_vendor fwk_stats_service:service_manager find; allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms; allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; + +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms;