5df8045c3b
avc: denied { search } for name="battery" dev="sysfs" ino=78703 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1
avc: denied { read } for name="status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { read } for name="status" dev="sysfs" ino=78714 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1
avc: denied { search } for name="i2c-p9222" dev="sysfs" ino=69679 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1
Bug: 254155730
Test: Manually test no avc denied for MagCC
Change-Id: Ie5261b39187ffcdf645ae64727c54643bdbc1c47
Signed-off-by: chiayupei <chiayupei@google.com>
88 lines
3.3 KiB
Text
88 lines
3.3 KiB
Text
#
|
|
# USF sensor HAL SELinux type enforcements.
|
|
#
|
|
|
|
# Allow access to the AoC communication driver.
|
|
allow hal_sensors_default aoc_device:chr_file rw_file_perms;
|
|
|
|
# Allow access to CHRE socket to connect to nanoapps.
|
|
allow hal_sensors_default chre:unix_stream_socket connectto;
|
|
allow hal_sensors_default chre_socket:sock_file write;
|
|
|
|
# Allow create thread to watch AOC's device.
|
|
allow hal_sensors_default device:dir r_dir_perms;
|
|
|
|
# Allow access for dynamic sensor properties.
|
|
get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
|
|
|
|
# Allow access to raw HID devices for dynamic sensors.
|
|
allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
|
|
|
|
# Allow SensorSuez to connect AIDL stats.
|
|
allow hal_sensors_default fwk_stats_service:service_manager find;
|
|
|
|
# Allow reading of sensor registry persist files and camera persist files.
|
|
allow hal_sensors_default mnt_vendor_file:dir search;
|
|
allow hal_sensors_default persist_file:dir search;
|
|
allow hal_sensors_default persist_file:file r_file_perms;
|
|
allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
|
|
allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
|
|
r_dir_file(hal_sensors_default, persist_camera_file)
|
|
|
|
# Allow creation and writing of sensor registry data files.
|
|
allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
|
|
allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
|
|
|
|
userdebug_or_eng(`
|
|
# Allow creation and writing of sensor debug data files.
|
|
allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms;
|
|
allow hal_sensors_default sensor_debug_data_file:file create_file_perms;
|
|
')
|
|
|
|
# Allow access to the display info for ALS.
|
|
allow hal_sensors_default sysfs_display:file rw_file_perms;
|
|
|
|
# Allow access to the sysfs_aoc.
|
|
allow hal_sensors_default sysfs_aoc:dir search;
|
|
allow hal_sensors_default sysfs_aoc:file r_file_perms;
|
|
|
|
# Allow access for AoC properties.
|
|
get_prop(hal_sensors_default, vendor_aoc_prop)
|
|
|
|
# Allow sensor HAL to read AoC dumpstate.
|
|
allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
|
|
|
|
# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
|
|
# to synchronize the AP and AoC clock timestamps.
|
|
allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms;
|
|
|
|
# Allow access to the files of CDT information.
|
|
allow hal_sensors_default sysfs_chosen:dir search;
|
|
allow hal_sensors_default sysfs_chosen:file r_file_perms;
|
|
|
|
# Allow access to sensor service for sensor_listener.
|
|
binder_call(hal_sensors_default, system_server);
|
|
|
|
# Allow sensor HAL to reset AOC.
|
|
allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms;
|
|
|
|
# Allow sensor HAL to read AoC dumpstate.
|
|
allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
|
|
|
|
# Allow sensor HAL to access the display service HAL
|
|
allow hal_sensors_default hal_pixel_display_service:service_manager find;
|
|
|
|
# Allow display_info_service access to the backlight driver.
|
|
allow hal_sensors_default sysfs_leds:dir search;
|
|
allow hal_sensors_default sysfs_leds:file r_file_perms;
|
|
|
|
# Allow sensor HAL to access the graphics composer.
|
|
binder_call(hal_sensors_default, hal_graphics_composer_default);
|
|
|
|
# Allow display_info_service access to the backlight driver.
|
|
allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
|
|
|
|
# Allow access to the power supply files for MagCC.
|
|
r_dir_file(hal_sensors_default, sysfs_batteryinfo)
|
|
allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
|
|
|