e43ab3c52a
avc: denied { block_suspend } for comm="UsfTransport" capability=36 scontext=u:r:chre:s0 tcontext=u:r:chre:s0 tclass=capability2 permissive=0
Bug: 238666865
Test: Check no chre avc denied.
Change-Id: Ie936055550c6221beae394c264d664c1e76f946b
Signed-off-by: Rick Chen <rickctchen@google.com>
31 lines
993 B
Text
31 lines
993 B
Text
type chre, domain;
|
|
type chre_exec, vendor_file_type, exec_type, file_type;
|
|
init_daemon_domain(chre)
|
|
|
|
# Permit communication with AoC
|
|
allow chre aoc_device:chr_file rw_file_perms;
|
|
|
|
# Allow CHRE to determine AoC's current clock
|
|
allow chre sysfs_aoc:dir search;
|
|
allow chre sysfs_aoc_boottime:file r_file_perms;
|
|
|
|
# Allow CHRE to create thread to watch AOC's device
|
|
allow chre device:dir r_dir_perms;
|
|
|
|
# Allow CHRE to use the USF low latency transport
|
|
usf_low_latency_transport(chre)
|
|
|
|
# Allow CHRE to talk to the WiFi HAL
|
|
allow chre hal_wifi_ext:binder { call transfer };
|
|
allow chre hal_wifi_ext_hwservice:hwservice_manager find;
|
|
allow chre hal_wifi_ext_service:service_manager find;
|
|
|
|
# Allow CHRE host to talk to stats service
|
|
allow chre fwk_stats_service:service_manager find;
|
|
binder_call(chre, stats_service_server)
|
|
|
|
# Allow CHRE to use WakeLock
|
|
wakelock_use(chre)
|
|
|
|
# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
|
|
allow chre self:global_capability2_class_set block_suspend;
|