From b5eec482fddc6f16ce368ad868ab87d83f30439d Mon Sep 17 00:00:00 2001 From: Chris Paulo Date: Fri, 16 Sep 2022 23:54:10 +0000 Subject: device-sepolicy: Add sepolicy for vibrator hal Added sepolicy for vibrator hal specific to device uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=vibrator.adaptive_haptics.enabled pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1' avc: denied { open } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { getattr } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { map } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1094 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1 avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_vibrator_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1 avc: denied { open } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms avc: denied { getattr } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms Bug: 198239103 Test: Verified functionality Signed-off-by: Chris Paulo Change-Id: Ib118b553eab1db6f9fadaebeae0d57eb329294e3 --- vendor/file_contexts | 3 +++ vendor/hal_vibrator_default.te | 3 +++ vendor/property_contexts | 2 ++ vendor/vendor_init.te | 4 ++++ 4 files changed, 12 insertions(+) create mode 100644 vendor/hal_vibrator_default.te create mode 100644 vendor/property_contexts diff --git a/vendor/file_contexts b/vendor/file_contexts index d692577..1b1cd08 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -15,3 +15,6 @@ /dev/socket/wifihal(/.*)? u:object_r:vendor_wifihal_socket:s0 /vendor/bin/loc_launcher u:object_r:vendor_location_exec:s0 /vendor/bin/lowi-server u:object_r:lowi_server_exec:s0 + +# Haptics +/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private-lynx u:object_r:hal_vibrator_default_exec:s0 \ No newline at end of file diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te new file mode 100644 index 0000000..b5c7202 --- /dev/null +++ b/vendor/hal_vibrator_default.te @@ -0,0 +1,3 @@ +# Allow Vibrator HAL to communicate with daemon via socket +allow hal_vibrator_default chre:unix_stream_socket connectto; +allow hal_vibrator_default chre_socket:sock_file write; \ No newline at end of file diff --git a/vendor/property_contexts b/vendor/property_contexts new file mode 100644 index 0000000..75cbb36 --- /dev/null +++ b/vendor/property_contexts @@ -0,0 +1,2 @@ +# Haptics +persist.vendor.vibrator.hal. u:object_r:vendor_vibrator_prop:s0 diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 6d9b469..440c30c 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -1 +1,5 @@ +# Camera set_prop(vendor_init, vendor_camera_prop) + +# Haptics +get_prop(vendor_init, adaptive_haptics_prop) -- cgit v1.2.3