From daa6fec44fc33fb2dd5b69b417c898c085cb97f1 Mon Sep 17 00:00:00 2001 From: Joel Galenson Date: Tue, 10 Apr 2018 12:46:55 -0700 Subject: [PATCH] Handle some diag-related denials. This allows the behavior on userdebug and eng builds and hides it on user builds. Bug: 77908806 Test: Boot device. Change-Id: I936f08283bcd03ef88c55b3849f54d2dab5a5d64 (cherry picked from commit 3e3da1baaac981a17c5e40ae7d20110a113d5c63) --- sepolicy/vendor/hal_gnss_qti.te | 2 ++ sepolicy/vendor/qti.te | 2 ++ sepolicy/vendor/radio.te | 5 +++++ 3 files changed, 9 insertions(+) diff --git a/sepolicy/vendor/hal_gnss_qti.te b/sepolicy/vendor/hal_gnss_qti.te index d2638aff..2264399b 100644 --- a/sepolicy/vendor/hal_gnss_qti.te +++ b/sepolicy/vendor/hal_gnss_qti.te @@ -32,8 +32,10 @@ allow hal_gnss_qti self:netlink_route_socket { bind create nlmsg_read read write userdebug_or_eng(` allow hal_gnss_qti diag_device:chr_file rw_file_perms; + r_dir_file(hal_gnss_qti, sysfs_diag) ') dontaudit hal_gnss_qti diag_device:chr_file rw_file_perms; +dontaudit hal_gnss_qti sysfs_diag:dir search; # Most HALs are not allowed to use network sockets. Qcom library # libqdi is used across multiple processes which are clients of diff --git a/sepolicy/vendor/qti.te b/sepolicy/vendor/qti.te index e71ac822..be32d8c1 100644 --- a/sepolicy/vendor/qti.te +++ b/sepolicy/vendor/qti.te @@ -17,5 +17,7 @@ r_dir_file(qti, sysfs_msm_subsys) userdebug_or_eng(` allow qti diag_device:chr_file rw_file_perms; + r_dir_file(qti, sysfs_diag) ') dontaudit qti diag_device:chr_file rw_file_perms; +dontaudit qti sysfs_diag:dir search; diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te index 5e3bdd82..0cb6607b 100644 --- a/sepolicy/vendor/radio.te +++ b/sepolicy/vendor/radio.te @@ -25,6 +25,11 @@ allow radio avtimer_device:chr_file r_file_perms; binder_call(radio, hal_imsrtp) +userdebug_or_eng(` + allow radio diag_device:chr_file rw_file_perms; +') +dontaudit radio diag_device:chr_file rw_file_perms; + # read /proc/cmdline allow radio proc_cmdline:file r_file_perms;