Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add chre policy

Browse source 
Bug: 260522435
Bug: 261105224
Test: boot-to-home
Change-Id: Icd8f1ad497357bbbcb9e34509c736f3976ff0ac7
This commit is contained in:
Wilson Sung 2023-02-23 11:02:53 +08:00
parent 6f141a6526
commit fb2e376d26
2 changed files with 13 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tracking_denials/chre.te
View file

@ -1,17 +1,6 @@
# b/260522435
dontaudit chre aoc_device:chr_file { getattr };
dontaudit chre aoc_device:chr_file { open };
dontaudit chre aoc_device:chr_file { read write };
dontaudit chre chre:capability2 { block_suspend };
dontaudit chre device:dir { read };
dontaudit chre device:dir { watch };
# b/261105224
dontaudit chre hal_system_suspend_service:service_manager { find };
dontaudit chre servicemanager:binder { call };
dontaudit chre sysfs_aoc:dir { search };
dontaudit chre sysfs_aoc_boottime:file { getattr };
dontaudit chre sysfs_aoc_boottime:file { open };
dontaudit chre sysfs_aoc_boottime:file { read };
dontaudit chre system_suspend_server:binder { call };
# b/264489633
userdebug_or_eng(`

12
vendor/chre.te vendored
View file

@ -2,3 +2,15 @@ type chre, domain;
type chre_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(chre)
# Permit communication with AoC
allow chre aoc_device:chr_file rw_file_perms;
# Allow CHRE to determine AoC's current clock
allow chre sysfs_aoc:dir search;
allow chre sysfs_aoc_boottime:file r_file_perms;
# Allow CHRE to create thread to watch AOC's device
allow chre device:dir r_dir_perms;
# Allow CHRE to use WakeLock
wakelock_use(chre)