From 3758cdb733b1bbc20a866917c720682254776d1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?=
Date: Thu, 9 Mar 2023 20:12:27 +0000
Subject: [PATCH] Clean up Google Camera App tracking_denials.

EdgeTPU access is already allowed. Vendor property access should be denied and is not an error (most likely from library code that tries to access nonexistent Mediatek-specific properties).

Fix: 209889068
Test: presubmit, run GCA
Change-Id: Id200da6627ceae1ca6315ea9b4473f61fdc285d0
---
 tracking_denials/google_camera_app.te | 8 --------
 whitechapel_pro/google_camera_app.te | 3 +++
 2 files changed, 3 insertions(+), 8 deletions(-)
 delete mode 100644 tracking_denials/google_camera_app.te

diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te
deleted file mode 100644
index 72796c22..00000000
--- a/tracking_denials/google_camera_app.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# b/209889068
-dontaudit google_camera_app edgetpu_app_service:service_manager { find };
-dontaudit google_camera_app edgetpu_device:chr_file { ioctl };
-dontaudit google_camera_app edgetpu_device:chr_file { map };
-dontaudit google_camera_app edgetpu_device:chr_file { read write };
-dontaudit google_camera_app vendor_default_prop:file { getattr };
-dontaudit google_camera_app vendor_default_prop:file { map };
-dontaudit google_camera_app vendor_default_prop:file { open };
diff --git a/whitechapel_pro/google_camera_app.te b/whitechapel_pro/google_camera_app.te
index 43e3c16e..d73cd3db 100644
--- a/whitechapel_pro/google_camera_app.te
+++ b/whitechapel_pro/google_camera_app.te
@@ -21,3 +21,6 @@ hal_client_domain(google_camera_app, hal_power)
 # Allows GCA to find and access the EdgeTPU.
 allow google_camera_app edgetpu_app_service:service_manager find;
 allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Library code may try to access vendor properties, but should be denied
+dontaudit google_camera_app vendor_default_prop:file { getattr map open };
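Review bot: The comment above the new `dontaudit` on the last line does not say which library or property triggers the access, and it drops the bug reference that the deleted tracking file carried. The rule silences every getattr/map/open denial from google_camera_app on `vendor_default_prop`, and the commit message itself only says the source is "most likely" library code. If that type is, as its name suggests, the fallback label for vendor properties, a property that lands in it by mistake later would be denied with no avc line to point at the cause. I would keep the rule but let the comment carry the context, e.g. `# b/209889068: library code probes vendor properties absent on this device; access stays denied, this only suppresses the avc log.` The three permissions match the tracked denials being removed, and `read` stays audited, which seems the right choice.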