From 371f678632b6b155cb2261e2bccbf1eb098af104 Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Mon, 22 Jul 2024 23:00:02 +0000 Subject: [PATCH] Revert^2 "Add udc sysfs to udc_sysfs fs context" This reverts commit 66ba3214b8b8025549abde921943327fa183bedc. Reason for revert: fix breakage in next build with build-time flag in selinux policy. Fixed the following audit logs: [ 285.983545] type=1400 audit(1724270284.724:31): avc: denied { read } for comm="android.hardwar" name="state" dev="sysfs" ino=85740 scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:sysfs_udc:s0 tclass=file permissive=0 Bug: 339241080 Test: tested on Shiba trunk_staging and next builds Flag: build.RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED Change-Id: Ie4979f408a5bca0bb9b9762048ab716ddeeb4d2f --- vendor/genfs_contexts | 3 +++ vendor/hal_usb_impl.te | 3 +++ 2 files changed, 6 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index f43bce14..78f6cee2 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -255,6 +255,9 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply/pca9 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, ` +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/udc/11210000.dwc3/state u:object_r:sysfs_udc:s0 +') genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1 u:object_r:sysfs_wakeup:s0 diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index 3d89a09f..7c320b65 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -20,6 +20,9 @@ hal_client_domain(hal_usb_impl, hal_thermal); # For monitoring usb sysfs attributes allow hal_usb_impl sysfs_wakeup:dir search; allow hal_usb_impl sysfs_wakeup:file r_file_perms; +is_flag_enabled(RELEASE_USB_UDC_SYSFS_SELINUX_POLICY_ENABLED, ` +allow hal_usb_impl sysfs_udc:file r_file_perms; +') # For metrics upload allow hal_usb_impl fwk_stats_service:service_manager find;