Add required sepolicy rules for Sensor function

Bug: 210067282
Bug: 214473093
Bug: 218930975
Bug: 218499995
Test: run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#checkSensors
Change-Id: I21bbbe35b8c487e9de46b03c508a483134c0b1b8
Alex Hong 2022-02-14 19:26:36 +08:00
parent 76b772519a
commit 58b6e68d51
2 changed files with 8 additions and 6 deletions


@ -1,12 +1,6 @@
# b/210067282
dontaudit hal_sensors_default persist_camera_file:dir { search };
# b/214473093 # b/214473093
dontaudit hal_sensors_default sensor_reg_data_file:file { getattr }; dontaudit hal_sensors_default sensor_reg_data_file:file { getattr };
dontaudit hal_sensors_default sensor_reg_data_file:file { open }; dontaudit hal_sensors_default sensor_reg_data_file:file { open };
dontaudit hal_sensors_default sensor_reg_data_file:file { read }; dontaudit hal_sensors_default sensor_reg_data_file:file { read };
dontaudit hal_sensors_default sysfs_leds:dir { search };
dontaudit hal_sensors_default sysfs_leds:file { open };
dontaudit hal_sensors_default sysfs_leds:file { read };
# b/218930975 # b/218930975
dontaudit hal_sensors_default hal_graphics_composer_default:binder { call }; dontaudit hal_sensors_default hal_graphics_composer_default:binder { call };
dontaudit hal_sensors_default hal_pixel_display_service:service_manager { find };


@ -21,6 +21,7 @@ allow hal_sensors_default persist_file:dir search;
allow hal_sensors_default persist_file:file r_file_perms; allow hal_sensors_default persist_file:file r_file_perms;
allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms; allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
allow hal_sensors_default persist_sensor_reg_file:file r_file_perms; allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
r_dir_file(hal_sensors_default, persist_camera_file)
# Allow creation and writing of sensor registry data files. # Allow creation and writing of sensor registry data files.
allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms; allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms;
@ -39,3 +40,10 @@ allow hal_sensors_default sysfs_chosen:file r_file_perms;
# Allow access to sensor service for sensor_listener. # Allow access to sensor service for sensor_listener.
binder_call(hal_sensors_default, system_server); binder_call(hal_sensors_default, system_server);
# Allow sensor HAL to access the display service HAL
allow hal_sensors_default hal_pixel_display_service:service_manager find;
# Allow display_info_service access to the backlight driver.
allow hal_sensors_default sysfs_leds:dir search;
allow hal_sensors_default sysfs_leds:file r_file_perms;
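Review bot: The added `r_dir_file(hal_sensors_default, persist_camera_file)` in the first hunk of this file grants more than the denial it replaces, and it is the only new rule without a comment explaining why the sensor HAL needs it. The dontaudit removed for b/210067282 recorded only `dir { search }`, whereas the macro also allows listing the directory and reading every file and symlink labelled `persist_camera_file`. If the HAL only traverses that directory, `allow hal_sensors_default persist_camera_file:dir search;` keeps the grant at what was observed. If it does read a file there, which this page does not show, a line such as `# Allow sensor HAL to read <file> from the camera persist data (b/210067282).` above the macro would record the reason. The same applies in the second hunk: the removed dontaudit for `sysfs_leds:file` covered `open` and `read`, and `r_file_perms` is somewhat wider, so naming the backlight node the sensor HAL reads in the existing comment would help.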