Remove vendor_firmware_file type

It's causing surfaceflinger denials and does not exist on other
devices. Grant kernel read access to vendor/firmware's new type.

denied { search } for comm="surfaceflinger" name="firmware"
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_firmware_file:s0
tclass=dir

denied { read } for comm="surfaceflinger" name="a530_pm4.fw"
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vendor_file:s0
tclass=file permissive=0

Test: boot Taimen without denials.
Bug: 68213100
Change-Id: I8b070a0aae59e12391c881cec8a46b6b4dbe1c67
This commit is contained in:
Jeff Vander Stoep
2018-02-28 10:19:54 -08:00
parent 3f61aa4387
commit 9df9ad04d4
5 changed files with 4 additions and 8 deletions


@@ -1 +0,0 @@
surfaceflinger vendor_firmware_file dir 68213100


@@ -71,8 +71,6 @@ type sensors_vendor_data_file, file_type, data_file_type;
type audio_vendor_data_file, file_type, data_file_type;
type mediadrm_vendor_data_file, file_type, data_file_type;
type vendor_firmware_file, vendor_file_type, file_type;
#data sysfs files
type sysfs_data, fs_type, sysfs_type;


@@ -120,7 +120,6 @@
/system/bin/move_widevine_data\.sh u:object_r:move-widevine-data-sh_exec:s0
# files in /vendor
/vendor/firmware(/.*)? u:object_r:vendor_firmware_file:s0
/vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service.wahoo u:object_r:hal_dumpstate_impl_exec:s0
/vendor/bin/hw/android\.hardware\.vr@1\.0-service.wahoo u:object_r:hal_vr_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service.wahoo u:object_r:hal_fingerprint_default_exec:s0


@@ -3,12 +3,11 @@ userdebug_or_eng(`
allow kernel self:socket create;
')
allow kernel vendor_firmware_file:dir search;
allow kernel vendor_firmware_file:file r_file_perms;
allow kernel vendor_firmware_file:lnk_file read;
dontaudit kernel kernel:system module_request;
# Read FDs from /vendor/firmware
allow kernel vendor_file:file r_file_perms;
allow kernel debugfs_ipc:dir search;
allow kernel persist_file:dir search;
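Review bot: `allow kernel vendor_file:file r_file_perms;` widens the kernel's read access from a firmware-specific label to every file under /vendor that carries the default vendor_file label, a broader grant than the three rules it replaces. If the goal is consistency with other devices, a dedicated firmware type those devices also use would keep the least-privilege boundary; at minimum the reasoning should be recorded, e.g. `# /vendor/firmware is labeled vendor_file on this device; kernel loads GPU/DSP firmware from it`. The removed `lnk_file read` rule has no counterpart, so if any firmware path under /vendor/firmware is a symlink the kernel would now be denied — worth confirming in the boot-without-denials test named in the description. The comment `# Read FDs from /vendor/firmware` is misleading since the rule grants file reads, not fd use; `# Read firmware files from /vendor/firmware` states what the rule does.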


@@ -1,3 +1,4 @@
dontaudit surfaceflinger firmware_file:dir search;
dontaudit surfaceflinger vendor_file:file read;
dontaudit surfaceflinger kernel:system module_request;
allow surfaceflinger debugfs_ion:dir search;
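Review bot: `dontaudit surfaceflinger vendor_file:file read;` silences the a530_pm4.fw read denial quoted in the description rather than deciding whether surfaceflinger needs that access; if the read turns out to be required, the denial will now fail silently and be harder to diagnose. A one-line comment explaining why the attempt is considered benign would help future readers, e.g. `# firmware is loaded by the kernel; surfaceflinger's own open of /vendor/firmware is expected to fail` (adjust to the actual reason if it differs). Note also that the description's dir search denial is on /vendor/firmware, which after this change is labeled vendor_file, whereas the dontaudit on the preceding line names firmware_file:dir; confirm that vendor_file:dir search is already granted to surfaceflinger elsewhere, or that denial will persist.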