Fix avc denied and remove tracking_denials for hal_usb_impl
Fix avc denial for hal_usb_impl. Bug: 263048760 Test: no avc denied for hal_usb_impl Change-Id: Iaeea9d1f99f715c0f856a3a9f9fcd2e8d371f3d3
This commit is contained in:
Ray Chi
parent
171bfb004b
commit
0801e5e421
2 changed files with 12 additions and 42 deletions
|
|
@ -1,42 +0,0 @@
|
||||||
# b/261651326
|
|
||||||
dontaudit hal_usb_impl hal_thermal_default:binder { call };
|
|
||||||
dontaudit hal_usb_impl hal_thermal_default:binder { transfer };
|
|
||||||
dontaudit hal_usb_impl hal_usb_impl:capability2 { block_suspend };
|
|
||||||
dontaudit hal_usb_impl hal_usb_impl:capability2 { wake_alarm };
|
|
||||||
dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { bind };
|
|
||||||
dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { create };
|
|
||||||
dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { getopt };
|
|
||||||
dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { read };
|
|
||||||
dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { setopt };
|
|
||||||
dontaudit hal_usb_impl hal_usb_service:service_manager { add };
|
|
||||||
dontaudit hal_usb_impl hwservicemanager:binder { call };
|
|
||||||
dontaudit hal_usb_impl hwservicemanager:binder { transfer };
|
|
||||||
dontaudit hal_usb_impl hwservicemanager_prop:file { getattr };
|
|
||||||
dontaudit hal_usb_impl hwservicemanager_prop:file { map };
|
|
||||||
dontaudit hal_usb_impl hwservicemanager_prop:file { open };
|
|
||||||
dontaudit hal_usb_impl hwservicemanager_prop:file { read };
|
|
||||||
dontaudit hal_usb_impl servicemanager:binder { call };
|
|
||||||
dontaudit hal_usb_impl servicemanager:binder { transfer };
|
|
||||||
dontaudit hal_usb_impl sysfs:dir { open };
|
|
||||||
dontaudit hal_usb_impl sysfs:dir { read };
|
|
||||||
dontaudit hal_usb_impl sysfs:file { getattr };
|
|
||||||
dontaudit hal_usb_impl sysfs:file { open };
|
|
||||||
dontaudit hal_usb_impl sysfs:file { read };
|
|
||||||
dontaudit hal_usb_impl system_server:binder { call };
|
|
||||||
# b/263048760
|
|
||||||
dontaudit hal_usb_impl dumpstate:fd { use };
|
|
||||||
dontaudit hal_usb_impl dumpstate:fifo_file { write };
|
|
||||||
# b/264204023
|
|
||||||
dontaudit hal_usb_impl sysfs_batteryinfo:dir { search };
|
|
||||||
dontaudit hal_usb_impl sysfs_batteryinfo:file { getattr };
|
|
||||||
dontaudit hal_usb_impl sysfs_batteryinfo:file { open };
|
|
||||||
dontaudit hal_usb_impl sysfs_batteryinfo:file { read };
|
|
||||||
# b/264489561
|
|
||||||
userdebug_or_eng(`
|
|
||||||
permissive hal_usb_impl;
|
|
||||||
')# b/264606212
|
|
||||||
dontaudit hal_usb_impl hal_thermal_hwservice:hwservice_manager { find };
|
|
||||||
dontaudit hal_usb_impl hidl_manager_hwservice:hwservice_manager { find };
|
|
||||||
# b/265383532
|
|
||||||
dontaudit hal_usb_impl sysfs_batteryinfo:dir { open };
|
|
||||||
dontaudit hal_usb_impl sysfs_batteryinfo:dir { read };
|
|
||||||
12
vendor/hal_usb_impl.te
vendored
12
vendor/hal_usb_impl.te
vendored
|
|
@ -2,3 +2,15 @@ type hal_usb_impl, domain;
|
||||||
|
|
||||||
type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
|
type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
|
||||||
init_daemon_domain(hal_usb_impl)
|
init_daemon_domain(hal_usb_impl)
|
||||||
|
hal_server_domain(hal_usb_impl, hal_usb)
|
||||||
|
hal_server_domain(hal_usb_impl, hal_usb_gadget)
|
||||||
|
|
||||||
|
allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms;
|
||||||
|
allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms;
|
||||||
|
|
||||||
|
# Needed for monitoring usb port temperature
|
||||||
|
allow hal_usb_impl self:capability2 wake_alarm;
|
||||||
|
wakelock_use(hal_usb_impl);
|
||||||
|
|
||||||
|
# For interfacing with ThermalHAL
|
||||||
|
hal_client_domain(hal_usb_impl, hal_thermal);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue