Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow hal_fingerprint_default to access sysfs_aoc_udfps [DO NOT MERGE]

Browse source 
Fix the following avc denial:
avc: denied { search } for name="17000000.aoc" dev="sysfs" ino=22035 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=0
avc: denied { write } for name="udfps_set_clock_source" dev="sysfs" ino=106891 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0
avc: denied { read } for name="udfps_get_disp_freq" dev="sysfs" ino=106893 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0

Bug: 267271482
Test: Verify fingerprint HAL process can read/write to the sysfs node.
Change-Id: I39a2e69b1c314d52944bb16ada61e7e6761561cf
This commit is contained in:
leohsieh 2023-03-14 23:12:06 +08:00
parent 15f5afcfab
commit 458b60e5c9
3 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
vendor/file.te vendored
View file

@ -10,6 +10,7 @@ type sysfs_power_dump, sysfs_type, fs_type;
type sysfs_acpm_stats, sysfs_type, fs_type;
type sysfs_write_leds, sysfs_type, fs_type;
type sysfs_pca, sysfs_type, fs_type;
type sysfs_aoc_udfps, sysfs_type, fs_type;
# Trusty
type sysfs_trusty, sysfs_type, fs_type;

3
vendor/genfs_contexts vendored
View file

@ -469,6 +469,9 @@ genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:ob
genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0
# OTA
genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0

4
vendor/hal_fingerprint_default.te vendored
View file

@ -37,3 +37,7 @@ hal_client_domain(hal_fingerprint_default, hal_thermal);
# allow fingerprint to read sysfs_leds
allow hal_fingerprint_default sysfs_leds:file r_file_perms;
allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
# Allow fingerprint to access sysfs_aoc_udfps
allow hal_fingerprint_default sysfs_aoc:dir search;
allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms;