From 1fd0c782b48636e1f4cd89e1c0bdb2ae4dfce54e Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Fri, 3 Feb 2023 17:25:56 +0100 Subject: [PATCH] sepolicy: Fix trusty_metricsd avc denials * Suez data collection missing Bug: 264489526 Test: ran com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot Change-Id: I667e35c68139a3368655cab4ea40acb529bb65ef Signed-off-by: Donnie Pollitz --- tracking_denials/trusty_metricsd.te | 4 ---- vendor/trusty_metricsd.te | 6 ++++++ 2 files changed, 6 insertions(+), 4 deletions(-) delete mode 100644 tracking_denials/trusty_metricsd.te diff --git a/tracking_denials/trusty_metricsd.te b/tracking_denials/trusty_metricsd.te deleted file mode 100644 index 5a31a811..00000000 --- a/tracking_denials/trusty_metricsd.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264489526 -userdebug_or_eng(` - permissive trusty_metricsd; -') \ No newline at end of file diff --git a/vendor/trusty_metricsd.te b/vendor/trusty_metricsd.te index c007231d..63fc85b6 100644 --- a/vendor/trusty_metricsd.te +++ b/vendor/trusty_metricsd.te @@ -3,3 +3,9 @@ type trusty_metricsd_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(trusty_metricsd) +allow trusty_metricsd tee_device:chr_file rw_file_perms; + +# For Suez metrics collection +binder_use(trusty_metricsd) +binder_call(trusty_metricsd, system_server) +allow trusty_metricsd fwk_stats_service:service_manager find;