Evolution-X-Tensor/device_google_shusky
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DiagnosticsTool permissions for accessing touch calibration interface

Browse source 
Grant the DiagnosticsTool (priv_app domain) access to the GTI touch
driver's interactive_calibration interface. This patch does not create a
domain for the DaignosticsTool (see b/301300623).

Fixes these denials:
avc:  denied  { write } for  comm="diagnosticstool" name="interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool
avc:  denied  { open } for  comm="diagnosticstool" path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool
avc:  denied  { getattr } for  comm="diagnosticstool" path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool
avc:  denied  { read } for  comm="diagnosticstool" name="interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool

Without mlstrustedobject, this denial occurs:
avc:  denied  { write } for  comm="diagnosticstool" name="interactive_calibrate" dev="sysfs" ino=106943 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=0 app=com.google.android.apps.diagnosticstool

Bug: 230050981
Change-Id: I6acbb83c5b4100cb1ae332412b2e4d7f163d300a
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
This commit is contained in:
Steve Pfetsch 2023-09-20 13:05:11 -07:00
parent db0953db64
commit ab87043117
4 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
husky-sepolicy.mk
View file

@ -1,3 +1,5 @@
# sepolicy exclusively for husky. # sepolicy exclusively for husky.
BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/husky BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/husky
# unresolved SELinux error log with bug tracking
BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/tracking_denials

2
shiba-sepolicy.mk
View file

@ -1,3 +1,5 @@
# sepolicy exclusively for shiba. # sepolicy exclusively for shiba.
BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/shiba BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/shiba
# unresolved SELinux error log with bug tracking
BOARD_SEPOLICY_DIRS += device/google/shusky-sepolicy/tracking_denials

2
tracking_denials/file.te Normal file
View file

@ -0,0 +1,2 @@
# b/301300623
typeattribute sysfs_touch_gti mlstrustedobject;

4
tracking_denials/priv_app.te Normal file
View file

@ -0,0 +1,4 @@
# b/301300623
allow priv_app app_api_service:service_manager find;
allow priv_app sysfs_touch_gti:file rw_file_perms;
allow priv_app sysfs_touch_gti:file { getattr open read write };