Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean up Google Camera App tracking_denials.

Browse source 
EdgeTPU access is already allowed. Vendor property access should
be denied and is not an error (most likely from library code
that tries to access nonexistent Mediatek-specific properties).

Fix: 209889068
Test: presubmit, run GCA
Change-Id: Id200da6627ceae1ca6315ea9b4473f61fdc285d0
This commit is contained in:
Krzysztof Kosiński 2023-03-09 20:12:27 +00:00
parent 3c494301c8
commit 3758cdb733
2 changed files with 3 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tracking_denials/google_camera_app.te
View file

@ -1,8 +0,0 @@
# b/209889068
dontaudit google_camera_app edgetpu_app_service:service_manager { find };
dontaudit google_camera_app edgetpu_device:chr_file { ioctl };
dontaudit google_camera_app edgetpu_device:chr_file { map };
dontaudit google_camera_app edgetpu_device:chr_file { read write };
dontaudit google_camera_app vendor_default_prop:file { getattr };
dontaudit google_camera_app vendor_default_prop:file { map };
dontaudit google_camera_app vendor_default_prop:file { open };

3
whitechapel_pro/google_camera_app.te
View file

@ -21,3 +21,6 @@ hal_client_domain(google_camera_app, hal_power)
# Allows GCA to find and access the EdgeTPU.
allow google_camera_app edgetpu_app_service:service_manager find;
allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
# Library code may try to access vendor properties, but should be denied
dontaudit google_camera_app vendor_default_prop:file { getattr map open };