Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow fingerprint to access sysfs_lhbm

Browse source 
Fix following avc denail:
android.hardwar: type=1400 audit(0.0:17): avc:  denied  { write } for  name="local_hbm_delay_frames" dev="sysfs" ino=83619 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0

Bug: 362149568
Test: enroll and authenticate fingerprint
Change-Id: I8c4b18b39fa5c391e9773c7780afe9e0de16e2a9
This commit is contained in:
chenkris 2024-08-28 09:22:57 +00:00
parent e584e43da5
commit dbc540c147
3 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
vendor/file.te vendored
View file

@ -17,6 +17,7 @@ type sysfs_write_leds, sysfs_type, fs_type;
type sysfs_fabric, sysfs_type, fs_type;
type sysfs_em_profile, sysfs_type, fs_type;
type sysfs_ospm, sysfs_type, fs_type;
type sysfs_lhbm, sysfs_type, fs_type;
# debugfs
type vendor_regmap_debugfs, fs_type, debugfs_type;

1
vendor/genfs_contexts vendored
View file

@ -408,6 +408,7 @@ genfscon sysfs /devices/platform/hdcp/hdcp2_fail_count
genfscon sysfs /devices/platform/hdcp/hdcp1_success_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp1_fail_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/hdcp/hdcp0_count u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/local_hbm_delay_frames u:object_r:sysfs_lhbm:s0
# ACPM
genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0

4
vendor/hal_fingerprint_default.te vendored
View file

@ -1,3 +1,4 @@
# SE policies for fingerprint
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
@ -56,3 +57,6 @@ allow hal_fingerprint_default persist_fingerprint_file:file create_file_perms;
# TODO: b/297562630 - remove unecessary permissions once not needed
allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms;
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
# Allow fingerprint to rw lhbm files
allow hal_fingerprint_default sysfs_lhbm:file rw_file_perms;