From 22c17673b0d69d8f24a93cf2805a12c20bb6d0f7 Mon Sep 17 00:00:00 2001 From: gilliu Date: Thu, 27 Jun 2024 08:14:52 +0000 Subject: [PATCH] add hal_graphics_composer to access thermal temperature type=1400 audit(0.0:77): avc: denied { search } for name="thermal" dev="tmpfs" ino=1618 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0 type=1400 audit(0.0:74): avc: denied { search } for name="thermal" dev="sysfs" ino=21594 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0 type=1400 audit(0.0:74): avc: denied { read } for name="temp" dev="sysfs" ino=73536 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0 type=1400 audit(0.0:74): avc: denied { getattr } for path="/sys/devices/virtual/thermal/thermal_zone12/temp" dev="sysfs" ino=73537 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0 Bug: 343141590 Test: check no avc pattern on logcat from test image Flag: NONE add permission (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1dde3ea2ff33bdf253fbbfb609ec21eaccffeaf4) Cherry-pick temp_rr_regamma to 24Q3 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c0fa5fcc6da5545982c8293c644aa1adccbc270f) Merged-In: I87fce47644b07342d756e7594685eea0dded1926 Change-Id: I87fce47644b07342d756e7594685eea0dded1926 --- vendor/hal_graphics_composer_default.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te index 3eed6973..e5d76091 100644 --- a/vendor/hal_graphics_composer_default.te +++ b/vendor/hal_graphics_composer_default.te @@ -42,6 +42,11 @@ allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms; allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms; allow hal_graphics_composer_default vendor_log_file:dir search; +# allow HWC to access powerstats +allow hal_graphics_composer_default thermal_link_device:dir search; +allow hal_graphics_composer_default sysfs_thermal:dir search; +allow hal_graphics_composer_default sysfs_thermal:file r_file_perms; + # allow HWC to access IStats AIDL allow hal_graphics_composer_default fwk_stats_service:service_manager find; binder_call(hal_graphics_composer_default, system_server);