Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

gs201-sepolicy: provide permission for TouchInspector app [DO NOT MERGE]

Browse source 
Resolve these access violations:
avc: denied { write } for name="driver_test" dev="proc" ino=4026535572
scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0
tclass=file permissive=1 app=com.google.touch.touchinspector
avc: denied { open } for path="/proc/fts/driver_test" dev="proc"
ino=4026535572 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector
avc: denied { getattr } for path="/proc/fts/driver_test" dev="proc"
ino=4026535572 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector
avc: denied { read } for name="driver_test" dev="proc" ino=4026535572
scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0
tclass=file permissive=1 app=com.google.touch.touchinspector

avc: denied { open } for path="/proc/fts_ext/driver_test" dev="proc"
ino=4026535574 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector
avc: denied { getattr } for path="/proc/fts_ext/driver_test" dev="proc"
ino=4026535574 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector

Bug: 182118395
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: Ia3bd2323b77134b8e47d858f36756780dec98c19
This commit is contained in:
Steve Pfetsch 2022-11-18 08:45:41 +00:00
parent d59612c409
commit a2e6c51431
3 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
whitechapel_pro/file.te
View file

@ -109,6 +109,9 @@ type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
# Touch
type proc_touch, proc_type, fs_type;
userdebug_or_eng(`
typeattribute proc_touch mlstrustedobject;
')
# Vendor sched files
userdebug_or_eng(`

11
whitechapel_pro/google_touch_app.te Normal file
View file

@ -0,0 +1,11 @@
type google_touch_app, domain;
userdebug_or_eng(`
app_domain(google_touch_app)
allow google_touch_app app_api_service:service_manager find;
allow google_touch_app sysfs_touch:dir r_dir_perms;
allow google_touch_app sysfs_touch:file rw_file_perms;
allow google_touch_app proc_touch:file rw_file_perms;
')

3
whitechapel_pro/seapp_contexts
View file

@ -44,6 +44,9 @@ user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_
# CBRS setup app
user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
# Touch app
user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user
# Qorvo UWB system app
# TODO(b/222204912): Should this run under uwb user?
user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all