From a781d5020beea2605f878c8a72f91c6545221143 Mon Sep 17 00:00:00 2001 From: Shiyong Li Date: Wed, 5 Jan 2022 01:31:49 +0000 Subject: [PATCH] consolidate display sysfs nodes into one context Bug: 209890345 Bug: 209705194 Test: check selinux denial info Signed-off-by: Shiyong Li Change-Id: I208f84caf0cbcd18bb3da8004362e6f996cbaba5 --- tracking_denials/hal_graphics_composer_default.te | 8 -------- tracking_denials/rlsservice.te | 4 ++-- whitechapel_pro/file.te | 1 - whitechapel_pro/genfs_contexts | 11 ++++------- whitechapel_pro/hal_power_stats_default.te | 2 +- whitechapel_pro/hal_sensors_default.te | 2 +- 6 files changed, 8 insertions(+), 20 deletions(-) diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te index 88c6aaba..a8333447 100644 --- a/tracking_denials/hal_graphics_composer_default.te +++ b/tracking_denials/hal_graphics_composer_default.te @@ -27,14 +27,6 @@ dontaudit hal_graphics_composer_default sysfs:file { getattr }; dontaudit hal_graphics_composer_default sysfs:file { open }; dontaudit hal_graphics_composer_default sysfs:file { read }; dontaudit hal_graphics_composer_default sysfs:file { write }; -dontaudit hal_graphics_composer_default sysfs_display:file { write }; # b/208721526 dontaudit hal_graphics_composer_default dumpstate:fd { use }; dontaudit hal_graphics_composer_default dumpstate:fifo_file { write }; -# b/209705194 -dontaudit hal_graphics_composer_default sysfs_sensors:file { getattr }; -dontaudit hal_graphics_composer_default sysfs_sensors:file { open }; -dontaudit hal_graphics_composer_default sysfs_sensors:file { write }; -# b/209890345 -dontaudit hal_graphics_composer_default sysfs_display:file { getattr }; -dontaudit hal_graphics_composer_default sysfs_display:file { open }; diff --git a/tracking_denials/rlsservice.te b/tracking_denials/rlsservice.te index e0a6630a..ad6ff243 100644 --- a/tracking_denials/rlsservice.te +++ b/tracking_denials/rlsservice.te @@ -23,5 +23,5 @@ dontaudit rlsservice device:dir { watch }; dontaudit rlsservice sysfs:file { open }; dontaudit rlsservice sysfs:file { read }; # b/209705394 -dontaudit rlsservice sysfs_sensors:file { open }; -dontaudit rlsservice sysfs_sensors:file { read }; +dontaudit rlsservice sysfs_display:file { open }; +dontaudit rlsservice sysfs_display:file { read }; diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te index 7b886d77..1bf69ad1 100644 --- a/whitechapel_pro/file.te +++ b/whitechapel_pro/file.te @@ -41,7 +41,6 @@ type sysfs_bcmdhd, sysfs_type, fs_type; type sysfs_wlc, sysfs_type, fs_type; type sysfs_chargelevel, sysfs_type, fs_type; type sysfs_mfc, sysfs_type, fs_type; -type sysfs_sensors, sysfs_type, fs_type; # debugfs type debugfs_f2fs, debugfs_type, fs_type; diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts index ae434622..86f3dbd8 100644 --- a/whitechapel_pro/genfs_contexts +++ b/whitechapel_pro/genfs_contexts @@ -60,6 +60,10 @@ genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u # Display genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/brightness u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/local_hbm_mode u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c240000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c242000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 @@ -149,10 +153,3 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mp #SecureElement genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0 - -# Sensors HAL -genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_sensors:s0 -genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/brightness u:object_r:sysfs_sensors:s0 -genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/local_hbm_mode u:object_r:sysfs_sensors:s0 -genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/state u:object_r:sysfs_sensors:s0 - diff --git a/whitechapel_pro/hal_power_stats_default.te b/whitechapel_pro/hal_power_stats_default.te index 389437aa..aa17ffe1 100644 --- a/whitechapel_pro/hal_power_stats_default.te +++ b/whitechapel_pro/hal_power_stats_default.te @@ -2,4 +2,4 @@ allow hal_power_stats_default sysfs_scsi_devices_0000:dir r_dir_perms; allow hal_power_stats_default sysfs_scsi_devices_0000:file r_file_perms; # allowed to access dislay stats sysfs node -allow hal_power_stats_default sysfs_sensors:file r_file_perms; +allow hal_power_stats_default sysfs_display:file r_file_perms; diff --git a/whitechapel_pro/hal_sensors_default.te b/whitechapel_pro/hal_sensors_default.te index 8cd69b22..c412b3db 100644 --- a/whitechapel_pro/hal_sensors_default.te +++ b/whitechapel_pro/hal_sensors_default.te @@ -26,7 +26,7 @@ allow hal_sensors_default persist_sensor_reg_file:file r_file_perms; allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms; # Allow access to the display info for ALS. -allow hal_sensors_default sysfs_sensors:file rw_file_perms; +allow hal_sensors_default sysfs_display:file rw_file_perms; # Allow access to the AoC clock and kernel boot time sys FS node. This is needed # to synchronize the AP and AoC clock timestamps.