From 5b6a5292c3f92a880dfa769eeaa90d5a52279e94 Mon Sep 17 00:00:00 2001 From: Ted Lin Date: Tue, 22 Feb 2022 10:54:06 +0800 Subject: [PATCH] hal_health_default: Fix avc denials 12-02 11:15:45.224 756 756 I health@2.1-serv: type=1400 audit(0.0:2270): avc: denied { search } for name="thermal" dev="tmpfs" ino=1028 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=1 12-02 11:15:45.224 756 756 I health@2.1-serv: type=1400 audit(0.0:2271): avc: denied { search } for name="thermal" dev="sysfs" ino=16790 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=1 12-02 11:15:45.224 756 756 I health@2.1-serv: type=1400 audit(0.0:2273): avc: denied { open } for path="/sys/devices/virtual/thermal/thermal_zone13/mode" dev="sysfs" ino=17285 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1 12-02 11:15:45.224 756 756 I health@2.1-serv: type=1400 audit(0.0:2272): avc: denied { write } for name="mode" dev="sysfs" ino=17285 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1 Bug:208721638 Test: adb bugreport Change-Id: I4d9491862ff1bcc88f89b1478497ac569e3d1df1 Signed-off-by: Ted Lin --- tracking_denials/hal_health_default.te | 5 ----- whitechapel_pro/hal_health_default.te | 3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) delete mode 100644 tracking_denials/hal_health_default.te diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te deleted file mode 100644 index d36ba385..00000000 --- a/tracking_denials/hal_health_default.te +++ /dev/null @@ -1,5 +0,0 @@ -# b/208721638 -dontaudit hal_health_default sysfs_thermal:dir { search }; -dontaudit hal_health_default sysfs_thermal:file { open }; -dontaudit hal_health_default sysfs_thermal:file { write }; -dontaudit hal_health_default thermal_link_device:dir { search }; diff --git a/whitechapel_pro/hal_health_default.te b/whitechapel_pro/hal_health_default.te index a4294ee5..e7406a76 100644 --- a/whitechapel_pro/hal_health_default.te +++ b/whitechapel_pro/hal_health_default.te @@ -9,3 +9,6 @@ allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file w_file_perms; +allow hal_health_default sysfs_thermal:dir search; +allow hal_health_default sysfs_thermal:file w_file_perms; +allow hal_health_default thermal_link_device:dir search;