Allow hal_fingerprint_default to access sysfs_aoc_udfps [DO NOT MERGE]
Fix the following avc denial:
avc: denied { search } for name="17000000.aoc" dev="sysfs" ino=22035 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=0
avc: denied { write } for name="udfps_set_clock_source" dev="sysfs" ino=106891 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0
avc: denied { read } for name="udfps_get_disp_freq" dev="sysfs" ino=106893 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0
Bug: 267271482
Test: Verify fingerprint HAL process can read/write to the sysfs node.
Change-Id: I39a2e69b1c314d52944bb16ada61e7e6761561cf
This commit is contained in:
leohsieh
parent
15f5afcfab
commit
458b60e5c9
3 changed files with 8 additions and 0 deletions
1
vendor/file.te
vendored
1
vendor/file.te
vendored
|
|
@ -10,6 +10,7 @@ type sysfs_power_dump, sysfs_type, fs_type;
|
||||||
type sysfs_acpm_stats, sysfs_type, fs_type;
|
type sysfs_acpm_stats, sysfs_type, fs_type;
|
||||||
type sysfs_write_leds, sysfs_type, fs_type;
|
type sysfs_write_leds, sysfs_type, fs_type;
|
||||||
type sysfs_pca, sysfs_type, fs_type;
|
type sysfs_pca, sysfs_type, fs_type;
|
||||||
|
type sysfs_aoc_udfps, sysfs_type, fs_type;
|
||||||
|
|
||||||
# Trusty
|
# Trusty
|
||||||
type sysfs_trusty, sysfs_type, fs_type;
|
type sysfs_trusty, sysfs_type, fs_type;
|
||||||
|
|
|
||||||
3
vendor/genfs_contexts
vendored
3
vendor/genfs_contexts
vendored
|
|
@ -469,6 +469,9 @@ genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:ob
|
||||||
genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
|
genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
|
||||||
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
|
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
|
||||||
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
|
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
|
||||||
|
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0
|
||||||
|
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0
|
||||||
|
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0
|
||||||
|
|
||||||
# OTA
|
# OTA
|
||||||
genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0
|
genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0
|
||||||
|
|
|
||||||
4
vendor/hal_fingerprint_default.te
vendored
4
vendor/hal_fingerprint_default.te
vendored
|
|
@ -37,3 +37,7 @@ hal_client_domain(hal_fingerprint_default, hal_thermal);
|
||||||
# allow fingerprint to read sysfs_leds
|
# allow fingerprint to read sysfs_leds
|
||||||
allow hal_fingerprint_default sysfs_leds:file r_file_perms;
|
allow hal_fingerprint_default sysfs_leds:file r_file_perms;
|
||||||
allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
|
allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
|
||||||
|
|
||||||
|
# Allow fingerprint to access sysfs_aoc_udfps
|
||||||
|
allow hal_fingerprint_default sysfs_aoc:dir search;
|
||||||
|
allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue