From be8aedd6ac6c6422f6cace09a1ac6d6d69697c6c Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Mon, 25 Oct 2021 11:24:26 +0800 Subject: [PATCH] fix hal_fingerprint_default denails 10-25 11:19:03.649 430 430 E SELinux : avc: denied { find } for pid=958 uid=1000 name=android.hardware.power.IPower/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_power_service:s0 tclass=service_manager permissive=1 10-25 11:19:04.509 430 430 E SELinux : avc: denied { find } for pid=958 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1 Bug: 202906981 Test: boot with no fingerprint errors Change-Id: I95dcda0698c7fcec1e4874b95b598bc987e83e58 --- tracking_denials/hal_fingerprint_default.te | 4 ---- whitechapel_pro/hal_fingerprint_default.te | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) delete mode 100644 tracking_denials/hal_fingerprint_default.te create mode 100644 whitechapel_pro/hal_fingerprint_default.te diff --git a/tracking_denials/hal_fingerprint_default.te b/tracking_denials/hal_fingerprint_default.te deleted file mode 100644 index 238a3941..00000000 --- a/tracking_denials/hal_fingerprint_default.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/202906981 -dontaudit hal_fingerprint_default block_device:dir { search }; -dontaudit hal_fingerprint_default hal_fingerprint_ext_hwservice:hwservice_manager { add }; -dontaudit hal_fingerprint_default hal_fingerprint_ext_hwservice:hwservice_manager { find }; diff --git a/whitechapel_pro/hal_fingerprint_default.te b/whitechapel_pro/hal_fingerprint_default.te new file mode 100644 index 00000000..4ddef392 --- /dev/null +++ b/whitechapel_pro/hal_fingerprint_default.te @@ -0,0 +1,5 @@ +hal_client_domain(hal_fingerprint_default, hal_power) +add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice) + +allow hal_fingerprint_default fwk_stats_service:service_manager find; +allow hal_fingerprint_default block_device:dir search;