24ad0c2d7f
This will fix some avc denials:
* SELinux : avc: denied { find } for pid=508 uid=1000
name=power.stats-vendor scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:hal_power_stats_vendor_service:s0
tclass=service_manager permissive=0
* binder:501_1: type=1400 audit(0.0:30): avc: denied { call } for
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0
* android.hardwar: type=1400 audit(0.0:10): avc: denied { call }
for scontext=u:r:hal_power_stats_default:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=0
Bug: 315497129
Test: check no avc denied between composer & powerstats
Change-Id: I6033e088d5706a0d2a6f942f983a05e6148764a9
23 lines
1 KiB
Text
23 lines
1 KiB
Text
# Allowed to access required sysfs nodes
|
|
r_dir_file(hal_power_stats_default, sysfs_aoc)
|
|
r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate)
|
|
r_dir_file(hal_power_stats_default, sysfs_acpm_stats)
|
|
r_dir_file(hal_power_stats_default, sysfs_cpu)
|
|
r_dir_file(hal_power_stats_default, sysfs_display)
|
|
r_dir_file(hal_power_stats_default, sysfs_edgetpu)
|
|
r_dir_file(hal_power_stats_default, sysfs_iio_devices)
|
|
r_dir_file(hal_power_stats_default, sysfs_leds)
|
|
r_dir_file(hal_power_stats_default, sysfs_odpm)
|
|
r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000)
|
|
r_dir_file(hal_power_stats_default, sysfs_wifi)
|
|
r_dir_file(hal_power_stats_default, powerstats_vendor_data_file)
|
|
|
|
# Rail selection requires read/write permissions
|
|
allow hal_power_stats_default sysfs_odpm:dir search;
|
|
allow hal_power_stats_default sysfs_odpm:file rw_file_perms;
|
|
|
|
# getStateResidency AIDL callback for Bluetooth HAL
|
|
binder_call(hal_power_stats_default, hal_bluetooth_btlinux)
|
|
|
|
# getStateResidency AIDL callback for Composer HAL
|
|
binder_call(hal_power_stats_default, hal_graphics_composer_default)
|