From 882527f08bc6d09aa359e91aae5daa521af885cc Mon Sep 17 00:00:00 2001 From: Mason Wang Date: Thu, 31 Mar 2022 22:10:26 +0800 Subject: [PATCH] hal_dumpstate_default: Fix avc denial of focaltech_touch. Fixed following avc denial: avc: denied { read } for name="focaltech_touch" dev="proc" ino=4026535419 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc_touch:s0 tclass=dir permissive=0 Bug: 199105131 Test: Verify pass by checking device log are w/o above errors when trigger bugreport. Change-Id: Id2af1f59cd397f0332fba94f68d9940f612a8e81 --- whitechapel_pro/hal_dumpstate_default.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te index 3bc4e128..f5ebec11 100644 --- a/whitechapel_pro/hal_dumpstate_default.te +++ b/whitechapel_pro/hal_dumpstate_default.te @@ -65,6 +65,9 @@ allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms; allow hal_dumpstate_default sysfs_touch:dir r_dir_perms; allow hal_dumpstate_default sysfs_touch:file rw_file_perms; +allow hal_dumpstate_default proc_touch:dir r_dir_perms; +allow hal_dumpstate_default proc_touch:file rw_file_perms; + allow hal_dumpstate_default vendor_displaycolor_service:service_manager find; binder_call(hal_dumpstate_default, hal_graphics_composer_default); vndbinder_use(hal_dumpstate_default)