From f5b47095beba9b21d76376522e71d6c62b12d5da Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Tue, 4 May 2021 15:24:38 +0800 Subject: [PATCH] add sepolicy for dump TRICKLE/TEMP/DWELL defend config type=1400 audit(0.0:12): avc: denied { read } for name="google,charger" dev="sysfs" ino=25880 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 Bug: 186872139 Signed-off-by: Jenny Ho Change-Id: Id8868d2b12408d4a39ba42c8b0faf801923f73f3 --- whitechapel/vendor/google/genfs_contexts | 1 + whitechapel/vendor/google/hal_dumpstate_default.te | 1 + 2 files changed, 2 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 33e2492a..cf466876 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -9,6 +9,7 @@ genfscon sysfs /wifi u:ob # Battery genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 # Slider genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-8/8-0050 u:object_r:sysfs_batteryinfo:s0 diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 15a1ae5d..ecd58775 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -66,6 +66,7 @@ allow hal_dumpstate_default proc_f2fs:file r_file_perms; allow hal_dumpstate_default proc_touch:file rw_file_perms; allow hal_dumpstate_default sysfs_batteryinfo:dir search; +allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms; allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms; allow hal_dumpstate_default sysfs_chip_id:file r_file_perms;