Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix avc denied for slsi engineermode app

Browse source 
log:
avc: denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:platform_app:s0:c512,c768 pid=5111 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="si.engineermode" scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.samsung.slsi.engineermode
avc: denied { call } for comm="HwBinder:1016_1" scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=binder permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:vendor_engineermode_app:s0:c225,c256,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.samsung.slsi.engineermode

Test: side load the trail build sepolicy, then check the app

Bug: 221482792
Change-Id: I84768ed128a2b8c57d6a3e0a0f0aa8c4d4b91857
This commit is contained in:
Jinting Lin 2022-03-01 12:00:15 +00:00
parent b1c5fcff3d
commit 94d7f6cce6
3 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
whitechapel_pro/rild.te
View file

@ -25,6 +25,7 @@ binder_call(rild, vendor_rcs_app)
binder_call(rild, oemrilservice_app)
binder_call(rild, hal_secure_element_uicc)
binder_call(rild, grilservice_app)
binder_call(rild, vendor_engineermode_app)
# for hal service
add_hwservice(rild, hal_exynos_rild_hwservice)

3
whitechapel_pro/seapp_contexts
View file

@ -14,6 +14,9 @@ user=system seinfo=platform name=com.samsung.slsi.telephony.uartswitch domain=ve
user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_debug_app levelFrom=all
user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode domain=vendor_telephony_network_test_app levelFrom=all
# Samsung S.LSI engineer mode
user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
# Hardware Info Collection
user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user

12
whitechapel_pro/vendor_engineermode_app.te Normal file
View file

@ -0,0 +1,12 @@
type vendor_engineermode_app, domain;
app_domain(vendor_engineermode_app)
binder_call(vendor_engineermode_app, rild)
allow vendor_engineermode_app app_api_service:service_manager find;
allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
userdebug_or_eng(`
dontaudit vendor_engineermode_app default_prop:file r_file_perms;
')