Fix sensors_hal selinux denials.

Bug: 214473093 Bug: 218930975 Bug: 210067282 Test: com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot Change-Id: Ifd865efd0544f246d1c188f3edce9f05f27313d2
2022-02-18 16:36:37 -08:00 · 2022-02-18 16:36:37 -08:00 · 727d070b13
commit 727d070b13
parent 7997d6a8a0
2 changed files with 1 additions and 6 deletions
--- a/tracking_denials/hal_sensors_default.te
+++ b/tracking_denials/hal_sensors_default.te
@ -1,6 +0,0 @@
-# b/214473093
-dontaudit hal_sensors_default sensor_reg_data_file:file { getattr };
-dontaudit hal_sensors_default sensor_reg_data_file:file { open };
-dontaudit hal_sensors_default sensor_reg_data_file:file { read };
-# b/218930975
-dontaudit hal_sensors_default hal_graphics_composer_default:binder { call };
--- a/whitechapel_pro/hal_sensors_default.te
+++ b/whitechapel_pro/hal_sensors_default.te
@ -25,6 +25,7 @@ r_dir_file(hal_sensors_default, persist_camera_file)

 # Allow creation and writing of sensor registry data files.
 allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms;
+allow hal_sensors_default sensor_reg_data_file:file r_file_perms;

 # Allow access to the display info for ALS.
 allow hal_sensors_default sysfs_display:file rw_file_perms;