From c0b806fd2d8e8a9e70120015060b6d5a07a12929 Mon Sep 17 00:00:00 2001 From: Cliff Wu Date: Wed, 7 Apr 2021 23:06:18 +0800 Subject: [PATCH] [Bug] Change the sepolicy name for exo_camera_injection - Change the sepolicy name from platfrom_app to exo_app. - Selinux avc log: E/SELinux: avc: denied { find } for interface=vendor.google.exo_camera_injection::IExoCameraInjection sid=u:r:exo_app:s0:c248,c256,c512,c768 pid=11479 scontext=u:r:exo_app:s0:c248,c256,c512,c768 tcontext=u:object_r:hal_exo_camera_injection_hwservice:s0 tclass=hwservice_manager permissive=0 Bug: 184736718 Test: Verified exo_camera_injection provider service use cases function as expected; no denials. Change-Id: I08887b8b6020cb7b3fb3da77cea9a1f453655bea --- whitechapel/vendor/google/exo_camera_injection/exo_app.te | 3 +++ whitechapel/vendor/google/exo_camera_injection/platform_app.te | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 whitechapel/vendor/google/exo_camera_injection/exo_app.te delete mode 100644 whitechapel/vendor/google/exo_camera_injection/platform_app.te diff --git a/whitechapel/vendor/google/exo_camera_injection/exo_app.te b/whitechapel/vendor/google/exo_camera_injection/exo_app.te new file mode 100644 index 00000000..a90de48e --- /dev/null +++ b/whitechapel/vendor/google/exo_camera_injection/exo_app.te @@ -0,0 +1,3 @@ +# Allow exo app to find and bind exo camera injection hal. +allow exo_app hal_exo_camera_injection_hwservice:hwservice_manager find; +binder_call(exo_app, hal_exo_camera_injection) diff --git a/whitechapel/vendor/google/exo_camera_injection/platform_app.te b/whitechapel/vendor/google/exo_camera_injection/platform_app.te deleted file mode 100644 index b4dee87f..00000000 --- a/whitechapel/vendor/google/exo_camera_injection/platform_app.te +++ /dev/null @@ -1,3 +0,0 @@ -# Allow exo app to find and bind exo camera injection hal. -allow platform_app hal_exo_camera_injection_hwservice:hwservice_manager find; -binder_call(platform_app, hal_exo_camera_injection)