Merge "Adding allows and contexts to address the following denials"

2026-02-01 07:50:47 +00:00 · 2017-05-03 18:25:48 +00:00
parent e0d1021546 4daa4aee1e
commit 8ee51bb2b2
3 changed files with 13 additions and 1 deletions
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -122,6 +122,7 @@
 /sys/devices/soc/c900000\.qcom,mdss_rotator(/.*)?                   u:object_r:sysfs_msm_subsys:s0
 /sys/devices/soc/c900000\.qcom,mdss_mdp/caps                        u:object_r:sysfs_mdss_mdp_caps:s0
 /sys/devices/soc/c17a000\.i2c/i2c-6/6-005a/leds(/.*)?               u:object_r:sysfs_leds:s0
+/sys/devices/soc/c1b5000\.i2c/i2c-7/7-0030/leds(/.*)?               u:object_r:sysfs_leds:s0
 /sys/devices/soc/c900000\.qcom,mdss_mdp/c900000\.qcom,mdss_mdp:qcom,mdss_fb_primary/leds(/.*)? u:object_r:sysfs_leds:s0
 /sys/devices/soc/800f000\.qcom,spmi/spmi-0/spmi0-03/800f000\.qcom,spmi:qcom,pmi8998@3:qcom,leds@d000/leds(/.*)? u:object_r:sysfs_leds:s0
 /sys/devices/soc/5000000\.qcom,kgsl-3d0(/.*)?                       u:object_r:sysfs_msm_subsys:s0
@@ -135,7 +136,7 @@
 /sys/kernel/debug/rmt_storage(/.*)?                                 u:object_r:debugfs_rmt_storage:s0
 /sys/module/msm_thermal(/.*)?                                       u:object_r:sysfs_thermal:s0
 /sys/module/tcp_cubic/parameters(/.*)?                              u:object_r:sysfs_net:s0
-/sys/devices/virtual/graphics/fb([0-2])+/idle_time                  u:object_r:sysfs_graphics:s0
+/sys/devices/virtual/graphics/fb([0-2])+(/.*)?                      u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/net(/.*)?                                      u:object_r:sysfs_net:s0
 /sys/devices/soc/8c0000\.qcom,msm-cam(/.*)?                         u:object_r:sysfs_camera:s0
 /sys/devices/soc0(/.*)?                                             u:object_r:sysfs_soc:s0
--- a/sepolicy/hal_gnss_qti.te
+++ b/sepolicy/hal_gnss_qti.te
@@ -4,6 +4,16 @@ hal_server_domain(hal_gnss_qti, hal_gnss)
 type hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_gnss_qti)

+r_dir_file(hal_gnss_qti, sysfs_msm_subsys)
+
+allow hal_gnss_qti sysfs_soc:dir search;
+allow hal_gnss_qti sysfs_soc:file r_file_perms;
+
+allow hal_gnss_qti location_data_file:dir w_dir_perms;
+
+allow hal_gnss_qti self:socket create_socket_perms;
+allowxperm hal_gnss_qti self:socket ioctl IPC_ROUTER_IOCTL_LOOKUP_SERVER;
+
 userdebug_or_eng(`
  permissive hal_gnss_qti;
 ')
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@@ -2,6 +2,7 @@ allow ueventd sysfs_thermal:file w_file_perms;
 allow ueventd sysfs_leds:file w_file_perms;
 allow ueventd sysfs_camera:file w_file_perms;
 allow ueventd sysfs_fingerprint:file w_file_perms;
+allow ueventd sysfs_laser:file w_file_perms;
 allow ueventd sysfs_rmtfs:file w_file_perms;
 allow ueventd sysfs_soc:file w_file_perms;
 allow ueventd sysfs_net:file w_file_perms;