From 94f78934d92db2c9bdff9f716fdf99702d47ce0c Mon Sep 17 00:00:00 2001
From: Tommy Chiu
Date: Mon, 15 Nov 2021 10:47:46 +0000
Subject: [PATCH] Keymint: Fix SELinux denial

Also remove -dontaudit- configuration.

Bug: 205073229
Bug: 205655569
Bug: 205904323
Change-Id: If8de3b4e6ee01488fdd563b702fbba1bd7c73ef0
---
 dauntless/hal_keymint_citadel.te | 7 ++++---
 tracking_denials/hal_keymint_citadel.te | 14 --------------
 2 files changed, 4 insertions(+), 17 deletions(-)
 delete mode 100644 tracking_denials/hal_keymint_citadel.te

diff --git a/dauntless/hal_keymint_citadel.te b/dauntless/hal_keymint_citadel.te
index 29f528f1..e1a6177d 100644
--- a/dauntless/hal_keymint_citadel.te
+++ b/dauntless/hal_keymint_citadel.te
@@ -1,8 +1,9 @@
 type hal_keymint_citadel, domain;
 type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
 
-init_daemon_domain(hal_keymint_citadel)
-
 hal_server_domain(hal_keymint_citadel, hal_keymint)
-
+init_daemon_domain(hal_keymint_citadel)
+vndbinder_use(hal_keymint_citadel)
+get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
 allow hal_keymint_citadel citadeld_service:service_manager find;
+binder_call(hal_keymint_citadel, citadeld)
diff --git a/tracking_denials/hal_keymint_citadel.te b/tracking_denials/hal_keymint_citadel.te
deleted file mode 100644
index 6d19e0e5..00000000
--- a/tracking_denials/hal_keymint_citadel.te
+++ /dev/null
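Review bot: The three added macro lines in dauntless/hal_keymint_citadel.te (`vndbinder_use`, `get_prop`, `binder_call`) carry no comment, while the deleted tracking file tied each denial to a bug, so the reason for each grant is lost from the policy once this lands. A one-line comment per rule would keep it, for example `# b/205655569: vndbinder access` above `vndbinder_use(hal_keymint_citadel)` and `# b/205073229: read vendor security patch level` above the `get_prop` line. As far as I know, `binder_call` and `vndbinder_use` also expand to somewhat more than the logged permissions (binder `transfer` and `fd use` as well as `call`). That is the standard idiom, but the commit message should say the grant is wider than the denials listed, so a later audit does not read it as a one-to-one replacement.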
@@ -1,14 +0,0 @@
-# b/205073229
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { getattr };
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { map };
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { open };
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { read };
-# b/205655569
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { ioctl };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { map };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { open };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { read };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { write };
-# b/205904323
-dontaudit hal_keymint_citadel citadeld:binder { call };
-dontaudit hal_keymint_citadel vndservicemanager:binder { call };