From 58b6e68d51771d0a3b9ae0743a29d9303b3e0094 Mon Sep 17 00:00:00 2001
From: Alex Hong
Date: Mon, 14 Feb 2022 19:26:36 +0800
Subject: [PATCH] Add required sepolicy rules for Sensor function
Bug: 210067282
Bug: 214473093
Bug: 218930975
Bug: 218499995
Test: run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#checkSensors
Change-Id: I21bbbe35b8c487e9de46b03c508a483134c0b1b8
---
 tracking_denials/hal_sensors_default.te | 6 ------
 whitechapel_pro/hal_sensors_default.te | 8 ++++++++
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te
index 0b279ba0..8bff1569 100644
--- a/tracking_denials/hal_sensors_default.te
+++ b/tracking_denials/hal_sensors_default.te
@@ -1,12 +1,6 @@
-# b/210067282
-dontaudit hal_sensors_default persist_camera_file:dir { search };
 # b/214473093
 dontaudit hal_sensors_default sensor_reg_data_file:file { getattr };
 dontaudit hal_sensors_default sensor_reg_data_file:file { open };
 dontaudit hal_sensors_default sensor_reg_data_file:file { read };
-dontaudit hal_sensors_default sysfs_leds:dir { search };
-dontaudit hal_sensors_default sysfs_leds:file { open };
-dontaudit hal_sensors_default sysfs_leds:file { read };
 # b/218930975
 dontaudit hal_sensors_default hal_graphics_composer_default:binder { call };
-dontaudit hal_sensors_default hal_pixel_display_service:service_manager { find };
diff --git a/whitechapel_pro/hal_sensors_default.te b/whitechapel_pro/hal_sensors_default.te
index c412b3db..7ad1d715 100644
--- a/whitechapel_pro/hal_sensors_default.te
+++ b/whitechapel_pro/hal_sensors_default.te
@@ -21,6 +21,7 @@ allow hal_sensors_default persist_file:dir search;
 allow hal_sensors_default persist_file:file r_file_perms;
 allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
 allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
+r_dir_file(hal_sensors_default, persist_camera_file)
 
 # Allow creation and writing of sensor registry data files.
 allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms;
@@ -39,3 +40,10 @@ allow hal_sensors_default sysfs_chosen:file r_file_perms;
 
 # Allow access to sensor service for sensor_listener.
 binder_call(hal_sensors_default, system_server);
+
+# Allow sensor HAL to access the display service HAL
+allow hal_sensors_default hal_pixel_display_service:service_manager find;
+
+# Allow display_info_service access to the backlight driver.
+allow hal_sensors_default sysfs_leds:dir search;
+allow hal_sensors_default sysfs_leds:file r_file_perms;
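Review bot: The added `r_dir_file(hal_sensors_default, persist_camera_file)` in the first hunk grants more than the denial this commit stops tracking. The dontaudit removed under b/210067282 covered only `persist_camera_file:dir { search }`, whereas the macro, as defined in AOSP te_macros, also allows listing the directory and reading every file and symlink of that type. If the HAL only traverses the directory, `allow hal_sensors_default persist_camera_file:dir search;` would be the least-privilege form. If it really reads data stored there, a one-line comment above the rule saying which data the sensor HAL needs would justify the wider grant; the line currently has no comment of its own.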
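Review bot: The `find` rule for `hal_pixel_display_service` in the second hunk comes without a matching binder permission. The same commit leaves `dontaudit hal_sensors_default hal_graphics_composer_default:binder { call };` in tracking_denials under b/218930975, so if the display service is hosted by the composer HAL (the shared bug number suggests it, but the patch does not show it) the lookup would succeed while the call is still denied without any audit log. Consider adding `binder_call(hal_sensors_default, hal_graphics_composer_default)` beside the find rule and dropping that dontaudit, or say in the comment why `find` alone is sufficient. Separately, the second comment names `display_info_service` while the rules grant `sysfs_leds` access to `hal_sensors_default`; something like `# Allow hal_sensors_default to read the backlight driver's sysfs nodes.` would match what is granted.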