device_google_gs101

Evolution-X-Tensor/device_google_gs101

Fork 0

Commit graph

Author	SHA1	Message	Date
Kris Chen	09996bc810	Add sepolicy rules for fingerprint hal Fixes the following avc denials: 03-18 11:23:15.692 956 956 I android.hardwar: type=1400 audit(0.0:7): avc: denied { read write } for name="trusty-ipc-dev0" dev="tmpfs" ino=691 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1 03-18 11:23:15.692 956 956 I android.hardwar: type=1400 audit(0.0:8): avc: denied { open } for path="/dev/trusty-ipc-dev0" dev="tmpfs" ino=691 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1 03-18 11:23:15.692 956 956 I android.hardwar: type=1400 audit(0.0:9): avc: denied { ioctl } for path="/dev/trusty-ipc-dev0" dev="tmpfs" ino=691 ioctlcmd=0x7280 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1 03-18 11:40:56.072 973 973 I fingerprint@2.1: type=1400 audit(0.0:39): avc: denied { search } for name="battery" dev="sysfs" ino=66502 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 03-18 11:40:56.072 973 973 I fingerprint@2.1: type=1400 audit(0.0:40): avc: denied { read } for name="temp" dev="sysfs" ino=66520 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 03-18 11:40:56.072 973 973 I fingerprint@2.1: type=1400 audit(0.0:41): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/temp" dev="sysfs" ino=66520 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 03-18 14:11:23.476 979 979 I fingerprint@2.1: type=1400 audit(0.0:13): avc: denied { search } for name="battery" dev="sysfs" ino=66502 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 03-18 12:03:08.248 978 978 I android.hardwar: type=1400 audit(0.0:9): avc: denied { create } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1 03-18 12:03:08.248 978 978 I android.hardwar: type=1400 audit(0.0:10): avc: denied { bind } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1 03-18 12:03:08.248 978 978 I android.hardwar: type=1400 audit(0.0:11): avc: denied { write } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1 03-18 12:03:08.248 978 978 I android.hardwar: type=1400 audit(0.0:12): avc: denied { read } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1 03-18 12:56:30.446 404 404 E SELinux : avc: denied { add } for interface=vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon sid=u:r:hal_fingerprint_default:s0 pid=967 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=1 Bug: 171943101 Test: No above avc denials in logcat. Change-Id: I67b397f86c39625b77ebe6d32d37e42cd87b3f93	2021-03-19 03:41:18 +00:00
Robin Peng	5009efa776	Move slider-sepolicy into gs101-sepolicy from: 71e609c24c97fc8d44843af30527cbeb90d5dcdf Bug: 167996145 Change-Id: Ie00e7e0983a3ca695bbd5140c929d07a80144301	2021-03-06 16:15:39 +08:00

Author

SHA1

Message

Date

Kris Chen

09996bc810

Add sepolicy rules for fingerprint hal

Fixes the following avc denials:
03-18 11:23:15.692   956   956 I android.hardwar: type=1400 audit(0.0:7): avc: denied { read write } for name="trusty-ipc-dev0" dev="tmpfs" ino=691 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1
03-18 11:23:15.692   956   956 I android.hardwar: type=1400 audit(0.0:8): avc: denied { open } for path="/dev/trusty-ipc-dev0" dev="tmpfs" ino=691 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1
03-18 11:23:15.692   956   956 I android.hardwar: type=1400 audit(0.0:9): avc: denied { ioctl } for path="/dev/trusty-ipc-dev0" dev="tmpfs" ino=691 ioctlcmd=0x7280 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file permissive=1
03-18 11:40:56.072   973   973 I fingerprint@2.1: type=1400 audit(0.0:39): avc: denied { search } for name="battery" dev="sysfs" ino=66502 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
03-18 11:40:56.072   973   973 I fingerprint@2.1: type=1400 audit(0.0:40): avc: denied { read } for name="temp" dev="sysfs" ino=66520 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
03-18 11:40:56.072   973   973 I fingerprint@2.1: type=1400 audit(0.0:41): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/temp" dev="sysfs" ino=66520 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
03-18 14:11:23.476   979   979 I fingerprint@2.1: type=1400 audit(0.0:13): avc: denied { search } for name="battery" dev="sysfs" ino=66502 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:9): avc: denied { create } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:10): avc: denied { bind } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:11): avc: denied { write } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:03:08.248   978   978 I android.hardwar: type=1400 audit(0.0:12): avc: denied { read } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=netlink_socket permissive=1
03-18 12:56:30.446   404   404 E SELinux : avc:  denied  { add } for interface=vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon sid=u:r:hal_fingerprint_default:s0 pid=967 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=1

Bug: 171943101
Test: No above avc denials in logcat.
Change-Id: I67b397f86c39625b77ebe6d32d37e42cd87b3f93

2021-03-19 03:41:18 +00:00

Robin Peng

5009efa776

Move slider-sepolicy into gs101-sepolicy

from: 71e609c24c97fc8d44843af30527cbeb90d5dcdf

Bug: 167996145
Change-Id: Ie00e7e0983a3ca695bbd5140c929d07a80144301

2021-03-06 16:15:39 +08:00

2 commits