diff options
| author | Chris Paulo <chrispaulo@google.com> | 2022-08-30 00:29:28 +0000 |
|---|---|---|
| committer | Chris Paulo <chrispaulo@google.com> | 2022-11-17 00:12:25 +0000 |
| commit | 5e8ab96efb898bb04ea3e5f5ec80902209e2e4ad (patch) | |
| tree | 06a15bfb0c79889cba90eb8efceb98fd90f2a3c8 | |
| parent | 4a24496e12e3e6a25a89f5d8b82c6fac7dbffd5d (diff) | |
| download | bluejay-sepolicy-5e8ab96efb898bb04ea3e5f5ec80902209e2e4ad.tar.gz | |
[DO NOT MERGE] device/sepolicy: Add sepolicy for vibrator halandroid-13.0.0_r82android-13.0.0_r81android-13.0.0_r80android-13.0.0_r74android-13.0.0_r73android-13.0.0_r72android-13.0.0_r66android-13.0.0_r65android-13.0.0_r64android-13.0.0_r60android-13.0.0_r59android-13.0.0_r58android13-qpr3-c-s8-releaseandroid13-qpr3-c-s7-releaseandroid13-qpr3-c-s6-releaseandroid13-qpr3-c-s5-releaseandroid13-qpr3-c-s4-releaseandroid13-qpr3-c-s3-releaseandroid13-qpr3-c-s2-releaseandroid13-qpr3-c-s12-releaseandroid13-qpr3-c-s11-releaseandroid13-qpr3-c-s10-releaseandroid13-qpr3-c-s1-release
Added sepolicy for vibrator hal specific to device
uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=vibrator.adaptive_haptics.enabled pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1'
avc: denied { open } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1
avc: denied { getattr } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1
avc: denied { map } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1
avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1094 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1
avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_vibrator_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1
avc: denied { open } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms
avc: denied { getattr } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms
Bug: 198239103
Test: Verified functionality
Signed-off-by: Chris Paulo <chrispaulo@google.com>
Change-Id: I1f38a069c06c5cc142236aed9cb34eede77c0315
| -rw-r--r-- | bluejay-sepolicy.mk | 1 | ||||
| -rw-r--r-- | vendor/file_contexts | 2 | ||||
| -rw-r--r-- | vendor/hal_vibrator_default.te | 3 | ||||
| -rw-r--r-- | vendor/property_contexts | 2 | ||||
| -rw-r--r-- | vendor/vendor_init.te | 2 |
5 files changed, 10 insertions, 0 deletions
diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk index cb5229b..5a2b557 100644 --- a/bluejay-sepolicy.mk +++ b/bluejay-sepolicy.mk @@ -1,2 +1,3 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay +BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/vendor BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay diff --git a/vendor/file_contexts b/vendor/file_contexts new file mode 100644 index 0000000..66359fc --- /dev/null +++ b/vendor/file_contexts @@ -0,0 +1,2 @@ +# Haptics +/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private-bluejay u:object_r:hal_vibrator_default_exec:s0 diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te new file mode 100644 index 0000000..8cb0c72 --- /dev/null +++ b/vendor/hal_vibrator_default.te @@ -0,0 +1,3 @@ +# Allow Vibrator HAL to communicate with daemon via socket +allow hal_vibrator_default chre:unix_stream_socket connectto; +allow hal_vibrator_default chre_socket:sock_file write; diff --git a/vendor/property_contexts b/vendor/property_contexts new file mode 100644 index 0000000..4222a57 --- /dev/null +++ b/vendor/property_contexts @@ -0,0 +1,2 @@ +# Haptics +persist.vendor.vibrator.hal. u:object_r:vendor_vibrator_prop:s0 diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te new file mode 100644 index 0000000..6641c23 --- /dev/null +++ b/vendor/vendor_init.te @@ -0,0 +1,2 @@ +# Haptics +get_prop(vendor_init, adaptive_haptics_prop) |