From 07bf62c38731f5a93a5ff8ec1cc24da04c9d0cf6 Mon Sep 17 00:00:00 2001 From: Michael Eastwood Date: Fri, 4 Mar 2022 08:12:06 -0800 Subject: [PATCH] Update SELinux policy to allow camera HAL to send Perfetto trace packets Example denials: 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:tr aced:s0 tclass=fd permissive=1 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext =u:object_r:traced_tmpfs:s0 tclass=file permissive=1 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u: object_r:traced_tmpfs:s0 tclass=file permissive=1 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1 Bug: 222684359 Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto. Change-Id: I443e84c5bcc701c1c983db19280719655ff02080 --- whitechapel_pro/hal_camera_default.te | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te index 779157ca..92c629ed 100644 --- a/whitechapel_pro/hal_camera_default.te +++ b/whitechapel_pro/hal_camera_default.te @@ -85,6 +85,9 @@ allow hal_camera_default apex_info_file:file r_file_perms; # Allow camera HAL to query current device clock frequencies. allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; -# allow camera HAL to read backlight of display +# Allow camera HAL to read backlight of display allow hal_camera_default sysfs_leds:dir r_dir_perms; allow hal_camera_default sysfs_leds:file r_file_perms; + +# Allow camera HAL to send trace packets to Perfetto +userdebug_or_eng(`perfetto_producer(hal_camera_default)')