From 2d44b5d5d07c7b94b3afc5aa1e45cdf5c494f690 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?=
Date: Tue, 10 May 2022 05:35:27 +0000
Subject: [PATCH] Add dontaudit statements to camera HAL policy. The autogenerated dontaudit statements in tracking_denials are actually the correct policy. Move them to the correct file and add comments.
Bug: 218585004
Test: build & camera check
Change-Id: Ie0338f0d2a6fd0c589777a82c22a014e462bd5c2
(cherry picked from commit 26b2d2e33ee14ed8a3f482cab9197e27cd69c50e)
---
tracking_denials/hal_camera_default.te | 5 -----
whitechapel_pro/hal_camera_default.te | 8 ++++++++
2 files changed, 8 insertions(+), 5 deletions(-)
delete mode 100644 tracking_denials/hal_camera_default.te
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
deleted file mode 100644
index f423e497..00000000
--- a/tracking_denials/hal_camera_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/205780065
-dontaudit hal_camera_default system_data_file:dir { search };
-# b/218585004
-dontaudit hal_camera_default traced:unix_stream_socket { connectto };
-dontaudit hal_camera_default traced_producer_socket:sock_file { write };
diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te
index 92c629ed..437060ea 100644
--- a/whitechapel_pro/hal_camera_default.te
+++ b/whitechapel_pro/hal_camera_default.te
@@ -91,3 +91,11 @@ allow hal_camera_default sysfs_leds:file r_file_perms; # Allow camera HAL to send trace packets to Perfetto userdebug_or_eng(`perfetto_producer(hal_camera_default)')
+
+# Some file searches attempt to access system data and are denied.
+# This is benign and can be ignored.
+dontaudit hal_camera_default system_data_file:dir { search };
+
+# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
+dontaudit hal_camera_default traced:unix_stream_socket { connectto };
+dontaudit hal_camera_default traced_producer_socket:sock_file { write };
\ No newline at end of file
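Review bot: The three added `dontaudit` rules are unconditional and no longer carry a bug reference, so the denials they silence cannot be traced back to an analysis; the deleted file tagged them `# b/205780065` and `# b/218585004`, and those tags are worth keeping in the new comments. The `system_data_file:dir { search }` rule hides every such search by the camera HAL from the audit log, so its comment should name what triggers it, for example `# b/205780065: <library> probes <path> under /data; denied by design.` The two traced rules appear to cover the same permissions that `perfetto_producer` grants under `userdebug_or_eng` just above, which suggests the denial is a producer connection on user builds rather than a "wrong" socket; the comment should say which it is. The file also now ends without a trailing newline, which is fragile if the build concatenates policy files.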