Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

gs101: Add dontaudit statements to camera HAL policy.

Browse source 
The autogenerated dontaudit statements in tracking_denials are
actually the correct policy. Move them to the correct file and
add comments.

Fix: 178980085
Fix: 180567725
Fix: 218585004
Test: build & camera check on raven
Change-Id: I3f3a1f64d403182d4f592f1cacc6ef8d1418062d
(cherry picked from commit b71d24d62c)
This commit is contained in:
Krzysztof Kosiński 2022-05-10 05:12:05 +00:00
parent 1745c41b8a
commit fbcf66a04a
2 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tracking_denials/hal_camera_default.te
View file

@ -1,5 +0,0 @@
# b/178980085
dontaudit hal_camera_default system_data_file:dir { search };
# b/180567725
dontaudit hal_camera_default traced:unix_stream_socket { connectto };
dontaudit hal_camera_default traced_producer_socket:sock_file { write };

8
whitechapel/vendor/google/hal_camera_default.te vendored
View file

@ -96,3 +96,11 @@ allow hal_camera_default proc_interrupts:file r_file_perms;
# Allow camera HAL to send trace packets to Perfetto # Allow camera HAL to send trace packets to Perfetto
userdebug_or_eng(`perfetto_producer(hal_camera_default)') userdebug_or_eng(`perfetto_producer(hal_camera_default)')
# Some file searches attempt to access system data and are denied.
# This is benign and can be ignored.
dontaudit hal_camera_default system_data_file:dir { search };
# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
dontaudit hal_camera_default traced:unix_stream_socket { connectto };
dontaudit hal_camera_default traced_producer_socket:sock_file { write };