From b69195ebe96f678b1babb14c231c14eb421debcb Mon Sep 17 00:00:00 2001 
From: Jinting Lin Date: Fri, 12 Aug 2022 07:56:30 +0000 Subject: [PATCH] Fix avc denied for vendor telephony debug app avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 pid=8533 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0 avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { search } for name="com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { read } for name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=344 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=0 avc: denied { write } for name="property_service" dev="tmpfs" ino=379 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Test: manual test Bug: 241976048 Change-Id: I5aa49a8e243d212180c7da6f65da9021164fca44 --- whitechapel_pro/property.te | 2 ++ whitechapel_pro/property_contexts | 3 +++ whitechapel_pro/rild.te | 1 + whitechapel_pro/vendor_telephony_debug_app.te | 16 
++++++++++++++++
 4 files changed, 22 insertions(+)
diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te
index bc898f47..ec7d84ed 100644
--- a/whitechapel_pro/property.te
+++ b/whitechapel_pro/property.te
@@ -34,3 +34,5 @@ system_vendor_config_prop(vendor_uwb_calibration_prop)
 # Dynamic sensor
 vendor_internal_prop(vendor_dynamic_sensor_prop)
+# Telephony debug app
+vendor_internal_prop(vendor_telephony_app_prop)
diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts
index ce737004..98a7980a 100644
--- a/whitechapel_pro/property_contexts
+++ b/whitechapel_pro/property_contexts
@@ -103,3 +103,6 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop
 # for ims service
 persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0
+
+# for vendor telephony debug app
+vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0
diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te
index d8c8c290..88b88716 100644
--- a/whitechapel_pro/rild.te
+++ b/whitechapel_pro/rild.te
@@ -26,6 +26,7 @@ binder_call(rild, oemrilservice_app)
 binder_call(rild, hal_secure_element_uicc)
 binder_call(rild, grilservice_app)
 binder_call(rild, vendor_engineermode_app)
+binder_call(rild, vendor_telephony_debug_app)
 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
diff --git a/whitechapel_pro/vendor_telephony_debug_app.te b/whitechapel_pro/vendor_telephony_debug_app.te
index 946460cc..539fffce 100644
--- a/whitechapel_pro/vendor_telephony_debug_app.te
+++ b/whitechapel_pro/vendor_telephony_debug_app.te
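Review bot: In whitechapel_pro/property_contexts the new `vendor.config.debug.` entry labels a whole generic namespace as `vendor_telephony_app_prop`, and the same commit makes that label writable by vendor_telephony_debug_app through `set_prop`. Nothing in the prefix ties it to telephony, so any vendor debug property later created under `vendor.config.debug.` would fall into this app's write scope without a policy change. If the app uses a known set of keys, listing those keys or using a narrower telephony-specific prefix keeps the grant scoped to what was observed. At minimum the comment could say so, e.g. `# vendor telephony debug app: entire vendor.config.debug. namespace is settable by that domain`.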
@@ -2,3 +2,19 @@ type vendor_telephony_debug_app, domain;
 app_domain(vendor_telephony_debug_app)
 allow vendor_telephony_debug_app app_api_service:service_manager find;
+allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+binder_call(vendor_telephony_debug_app, rild)
+
+# RIL property
+set_prop(vendor_telephony_debug_app, vendor_rild_prop)
+
+# Debug property
+set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)
+
+userdebug_or_eng(`
+# System Debug Mode
+dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms;
+dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms;
+dontaudit vendor_telephony_debug_app default_prop:file r_file_perms;
+')
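Review bot: `set_prop(vendor_telephony_debug_app, vendor_rild_prop)` grants write access to RIL properties, but the only denial quoted for `vendor_rild_prop` in the commit message is `{ read }`. Unless the app is known to set RIL properties, `get_prop(vendor_telephony_debug_app, vendor_rild_prop)` covers the logged access with less privilege, and the `property_socket` write denial would already be covered by the `set_prop` on `vendor_telephony_app_prop`. The dontaudit rules are also wider than the evidence: only `getattr` and `search` on the directory were logged, yet `create_dir_perms` and `create_file_perms` also silence write and create attempts against `system_app_data_file`, which removes audit visibility a defender would want. Narrowing the first rule to `dontaudit vendor_telephony_debug_app system_app_data_file:dir { getattr search };` and dropping or justifying the `:file` rule keeps unexpected accesses in the log. These grants and the find/binder_call rules sit outside `userdebug_or_eng`, so whether they apply on user builds depends on the domain's seapp_contexts entry, which is not shown here.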