diff options
| author | Mason Wang <masonwang@google.com> | 2022-10-28 11:16:37 +0800 |
|---|---|---|
| committer | Mason Wang <masonwang@google.com> | 2022-10-28 12:44:25 +0800 |
| commit | b1d4e8ab2f5e985656b9f58801776b200ae00d8f (patch) | |
| tree | 314b0a47f959f2931c7654f7cfdc2d3e5c7c2834 | |
| parent | 9219b31d1354244948184283e0713841c032b576 (diff) | |
| download | felix-sepolicy-b1d4e8ab2f5e985656b9f58801776b200ae00d8f.tar.gz | |
Allow dumpstate to access touch vendor nodes
Fix following avc denial log:
avc: denied { write } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { open } for path="/sys/devices/platform/10950000.spi/spi_master/spi6/spi6.0/stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="stm_fts_cmd" dev="sysfs" ino=113133 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/240632721
avc: denied { read } for name="driver_test" dev="proc" ino=4026535565 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 bug=b/240632721
avc: denied { read } for name="appid" dev="sysfs" ino=108992 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/240632721
Bug: 226475119
Bug: 254164096
Test: There are no above avc denial logs.
Change-Id: Ie01104ebfb94154584d9d466cb295095eb634f48
| -rw-r--r-- | vendor/genfs_contexts | 6 | ||||
| -rw-r--r-- | vendor/hal_dumpstate_default.te | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index d6ca0f2..0658e31 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -35,3 +35,9 @@ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0036/power_supply/maxfg_ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9222/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,dual_batt_gauge/power_supply/dualbatt/wakeup u:object_r:sysfs_wakeup:s0 + +#Touch +genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0 u:object_r:sysfs_touch:s0 +genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0 +genfscon proc /fts/driver_test u:object_r:proc_touch:s0 +genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0 diff --git a/vendor/hal_dumpstate_default.te b/vendor/hal_dumpstate_default.te new file mode 100644 index 0000000..6675163 --- /dev/null +++ b/vendor/hal_dumpstate_default.te @@ -0,0 +1,5 @@ +allow hal_dumpstate_default sysfs_touch:dir r_dir_perms; +allow hal_dumpstate_default sysfs_touch:file rw_file_perms; + +allow hal_dumpstate_default proc_touch:dir r_dir_perms; +allow hal_dumpstate_default proc_touch:file rw_file_perms; |