Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow hal_fingerprint_default to access sysfs_aoc_udfps

Browse source 
Fix the following avc denial:
avc:  denied  { search } for  name="17000000.aoc" dev="sysfs" ino=26962 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=1
avc:  denied  { write } for  name="udfps_set_clock_source" dev="sysfs" ino=110484 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
avc:  denied  { read } for  name="udfps_get_disp_freq" dev="sysfs" ino=110486 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=file permissive=1
avc:  denied  { write } for  name="udfps_set_clock_source" dev="sysfs" ino=109423 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0

Bug: 357976286
Test: Verify fingerprint HAL process can read/write to the sysfs node.
Flag: EXEMPT NDK
Change-Id: Ia8d6288812ef47dad2018d384f43374da7005a4a
This commit is contained in:
Leo Hsieh 2024-08-07 15:23:25 +08:00
parent a59097a64a
commit ac26d97317
3 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
vendor/file.te vendored
View file

@ -18,6 +18,7 @@ type sysfs_fabric, sysfs_type, fs_type;
type sysfs_em_profile, sysfs_type, fs_type;
type sysfs_ospm, sysfs_type, fs_type;
type sysfs_lhbm, sysfs_type, fs_type;
type sysfs_aoc_udfps, sysfs_type, fs_type;
# debugfs
type vendor_regmap_debugfs, fs_type, debugfs_type;

3
vendor/genfs_contexts vendored
View file

@ -464,6 +464,9 @@ genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:ob
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
genfscon sysfs /devices/platform/17000000.aoc/notify_timeout_aoc_status u:object_r:sysfs_aoc_notifytimeout:s0
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0
genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0
# OTA
genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0

4
vendor/hal_fingerprint_default.te vendored
View file

@ -60,3 +60,7 @@ allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perm
# Allow fingerprint to rw lhbm files
allow hal_fingerprint_default sysfs_lhbm:file rw_file_perms;
# Allow fingerprint to access sysfs_aoc_udfps
allow hal_fingerprint_default sysfs_aoc:dir search;
allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms;