Fix SELinux error coming from hal_secure_element_uicc

11-11 09:38:59.168   794   794 I secure_element@: type=1400 audit(0.0:102): avc: denied { call } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[   19.632309] type=1400 audit(1636594739.168:103): avc: denied { transfer } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[   19.631474] type=1400 audit(1636594739.168:102): avc: denied { call } for comm="secure_element@" scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
11-11 09:38:59.168   794   794 I secure_element@: type=1400 audit(0.0:103): avc: denied { transfer } for scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:r:rild:s0 tclass=binder permissive=1
[   19.633481] type=1400 audit(1636594739.172:104): avc: denied { call } for comm="rild_exynos" scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1
11-11 09:38:59.172   971   971 I rild_exynos: type=1400 audit(0.0:104): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:hal_secure_element_uicc:s0 tclass=binder permissive=1

Bug: 205904403
Test: check avc
Change-Id: I9186714d81e21ba8920aaa900a92f542e98ceddb
George Chang 2021-11-30 19:47:27 +08:00
parent f8d59b9305
commit 097157613a
4 changed files with 5 additions and 4 deletions


@ -1,3 +0,0 @@
# b/205904403
dontaudit hal_secure_element_uicc rild:binder { call };
dontaudit hal_secure_element_uicc rild:binder { transfer };


@ -5,6 +5,5 @@ dontaudit rild vendor_persist_config_default_prop:file { map };
dontaudit rild vendor_persist_config_default_prop:file { open };
dontaudit rild vendor_persist_config_default_prop:file { read };
# b/205904441
dontaudit rild hal_secure_element_uicc:binder { call };
dontaudit rild vendor_ims_app:binder { call };
dontaudit rild vendor_rcs_app:binder { call };


@ -4,4 +4,8 @@ type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type;
hal_server_domain(hal_secure_element_uicc, hal_secure_element)
init_daemon_domain(hal_secure_element_uicc)
# Allow hal_secure_element_default to access rild
binder_call(hal_secure_element_default, rild);
allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;
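Review bot: The rule `binder_call(hal_secure_element_default, rild);` and the comment above it name `hal_secure_element_default`, but every denial quoted in the commit message has `hal_secure_element_uicc` as the source or target, and the rest of this section only concerns that domain. As written, the rule widens binder access for a different domain and appears to leave the `hal_secure_element_uicc` → `rild` `call` permission ungranted. The reverse-direction `binder_call(rild, hal_secure_element_uicc)` in the rild section would, with the standard macro, only add `transfer` for replies, and the `dontaudit` lines for b/205904403 are removed in the same commit, so the denial would resurface once the domain is enforcing. If the uicc domain is what was intended, the lines should read `# Allow hal_secure_element_uicc to access rild` and `binder_call(hal_secure_element_uicc, rild)`. The +/- markers are lost on this page, so this assumes both lines are among the four additions the hunk header reports.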


@ -19,6 +19,7 @@ binder_call(rild, gpsd)
binder_call(rild, hal_audio_default)
binder_call(rild, modem_svc_sit)
binder_call(rild, oemrilservice_app)
binder_call(rild, hal_secure_element_uicc)
# for hal service
add_hwservice(rild, hal_exynos_rild_hwservice)