Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add chre policy am: fb2e376d26

Browse source 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21533834

Change-Id: Iff4cde7901e7d05627e7f9f7c0d27fc457bba4dc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Wilson Sung 2023-02-23 05:14:46 +00:00 committed by Automerger Merge Worker
commit a4ccb38798
2 changed files with 13 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tracking_denials/chre.te
View file

@ -1,17 +1,6 @@
# b/260522435
dontaudit chre aoc_device:chr_file { getattr };
dontaudit chre aoc_device:chr_file { open };
dontaudit chre aoc_device:chr_file { read write };
dontaudit chre chre:capability2 { block_suspend };
dontaudit chre device:dir { read };
dontaudit chre device:dir { watch };
# b/261105224 # b/261105224
dontaudit chre hal_system_suspend_service:service_manager { find }; dontaudit chre hal_system_suspend_service:service_manager { find };
dontaudit chre servicemanager:binder { call }; dontaudit chre servicemanager:binder { call };
dontaudit chre sysfs_aoc:dir { search };
dontaudit chre sysfs_aoc_boottime:file { getattr };
dontaudit chre sysfs_aoc_boottime:file { open };
dontaudit chre sysfs_aoc_boottime:file { read };
dontaudit chre system_suspend_server:binder { call }; dontaudit chre system_suspend_server:binder { call };
# b/264489633 # b/264489633
userdebug_or_eng(` userdebug_or_eng(`

12
vendor/chre.te vendored
View file

@ -2,3 +2,15 @@ type chre, domain;
type chre_exec, vendor_file_type, exec_type, file_type; type chre_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(chre) init_daemon_domain(chre)
# Permit communication with AoC
allow chre aoc_device:chr_file rw_file_perms;
# Allow CHRE to determine AoC's current clock
allow chre sysfs_aoc:dir search;
allow chre sysfs_aoc_boottime:file r_file_perms;
# Allow CHRE to create thread to watch AOC's device
allow chre device:dir r_dir_perms;
# Allow CHRE to use WakeLock
wakelock_use(chre)