Update selinux policy for display information

Two new sysfs nodes were added to sysfs_display type and permission to access sysfs_display nodes was added for the dumpstate service. This allows display information to be captured during bug report generation. Bug: 225376485 Test: Manual - ran 'adb bugreport' Change-Id: Ib121b0b21aa326e791e67c5bd24b3e70979a554c
2022-04-05 21:29:42 +00:00 · 2022-04-05 21:29:42 +00:00 · 18f8d933ab
commit 18f8d933ab
parent 60592aae02
2 changed files with 5 additions and 0 deletions
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
@ -101,10 +101,12 @@ genfscon sysfs /devices/platform/1c240000.drmdecon/early_wakeup
 genfscon sysfs /devices/platform/1c242000.drmdecon/early_wakeup                                           u:object_r:sysfs_display:s0

 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight                            u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo                        u:object_r:sysfs_display:s0
 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name                           u:object_r:sysfs_display:s0
 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number                        u:object_r:sysfs_display:s0

 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight                            u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo                        u:object_r:sysfs_display:s0
 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name                           u:object_r:sysfs_display:s0
 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number                        u:object_r:sysfs_display:s0

--- a/whitechapel_pro/hal_dumpstate_default.te
+++ b/whitechapel_pro/hal_dumpstate_default.te
@ -70,6 +70,9 @@ allow hal_dumpstate_default proc_touch:file rw_file_perms;

 allow hal_dumpstate_default vendor_displaycolor_service:service_manager find;
 binder_call(hal_dumpstate_default, hal_graphics_composer_default);
+allow hal_dumpstate_default sysfs_display:dir r_dir_perms;
+allow hal_dumpstate_default sysfs_display:file r_file_perms;
+
 vndbinder_use(hal_dumpstate_default)

 allow hal_dumpstate_default shell_data_file:file getattr;