Merge "enforce hal_dumpstate_default" into udc-dev

2023-03-14 01:10:42 +00:00 · 2023-03-14 01:10:42 +00:00 · 3906f53197
commit 3906f53197
parent ea9c12efb3 46d5345bc9
2 changed files with 5 additions and 24 deletions
--- a/tracking_denials/hal_dumpstate_default.te
+++ b/tracking_denials/hal_dumpstate_default.te
@ -1,24 +0,0 @@
-# b/259302023
-dontaudit hal_dumpstate_default file_type:file *;
-dontaudit hal_dumpstate_default fs_type:file *;
-dontaudit hal_dumpstate_default file_type:dir *;
-dontaudit hal_dumpstate_default fs_type:dir *;
-dontaudit hal_dumpstate_default property_type:file *;
-# b/261933251
-dontaudit hal_dumpstate_default hal_dumpstate_default:lockdown { integrity };
-dontaudit hal_dumpstate_default logbuffer_device:chr_file { getattr };
-dontaudit hal_dumpstate_default logbuffer_device:chr_file { open };
-dontaudit hal_dumpstate_default logbuffer_device:chr_file { read };
-dontaudit hal_dumpstate_default vndbinder_device:chr_file { ioctl };
-dontaudit hal_dumpstate_default vndbinder_device:chr_file { map };
-dontaudit hal_dumpstate_default vndbinder_device:chr_file { open };
-dontaudit hal_dumpstate_default vndbinder_device:chr_file { read };
-dontaudit hal_dumpstate_default vndbinder_device:chr_file { write };
-# b/262178702
-dontaudit hal_dumpstate_default hal_graphics_composer_default:binder { call };
-dontaudit hal_dumpstate_default vndservicemanager:binder { call };
-# b/264489795
-userdebug_or_eng(`
-  permissive hal_dumpstate_default;
-')# b/264972626
-dontaudit hal_dumpstate_default vendor_displaycolor_service:service_manager { find };
--- a/vendor/hal_dumpstate_default.te
+++ b/vendor/hal_dumpstate_default.te
@ -0,0 +1,5 @@
+allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
+allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
+allow hal_dumpstate_default shell_data_file:file getattr;
+