mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 15:09:54 +00:00
display: dontaudit various domains for read/search sysfs_msm_subsys
Graphics drivers gfx promo #0454 adds dependency on gpu_model sysfs node. This needs various domains to have sepolicy to read and search the sysfs node. Dontaudit these domains for read/search into sysfs_msm_subsys Bug: 150924173 Test: device logs does not throw selinux denials, pass pre-submit checks Change-Id: I5b2dd718d6af92ed557da17181d6595f72f0cc29
This commit is contained in:
linjoey
3
sepolicy/vendor/app.te
vendored
3
sepolicy/vendor/app.te
vendored
@@ -1,2 +1,5 @@
|
||||
# For the camera app
|
||||
get_prop(appdomain, camera_prop)
|
||||
|
||||
dontaudit appdomain sysfs_msm_subsys:dir search;
|
||||
dontaudit appdomain sysfs_msm_subsys:file r_file_perms;
|
||||
3
sepolicy/vendor/bootanim.te
vendored
3
sepolicy/vendor/bootanim.te
vendored
@@ -8,3 +8,6 @@ dontaudit bootanim system_data_file:dir read;
|
||||
|
||||
# TODO(b/37205419): Remove upon resolution
|
||||
dontaudit bootanim kernel:system module_request;
|
||||
|
||||
dontaudit bootanim sysfs_msm_subsys:dir search;
|
||||
dontaudit bootanim sysfs_msm_subsys:file r_file_perms;
|
||||
3
sepolicy/vendor/cameraserver.te
vendored
3
sepolicy/vendor/cameraserver.te
vendored
@@ -8,4 +8,7 @@ allow cameraserver sysfs_camera:dir search;
|
||||
|
||||
allow cameraserver system_server:unix_stream_socket { read write };
|
||||
|
||||
dontaudit cameraserver sysfs_msm_subsys:dir search;
|
||||
dontaudit cameraserver sysfs_msm_subsys:file r_file_perms;
|
||||
|
||||
binder_call(cameraserver, mediacodec)
|
||||
|
||||
@@ -1 +1,4 @@
|
||||
dontaudit hal_graphics_allocator_default kernel:system module_request;
|
||||
|
||||
dontaudit hal_graphics_allocator_default sysfs_msm_subsys:dir search;
|
||||
dontaudit hal_graphics_allocator_default sysfs_msm_subsys:file r_file_perms;
|
||||
3
sepolicy/vendor/surfaceflinger.te
vendored
3
sepolicy/vendor/surfaceflinger.te
vendored
@@ -5,3 +5,6 @@ allow surfaceflinger debugfs_ion:dir search;
|
||||
|
||||
typeattribute surfaceflinger system_writes_vendor_properties_violators;
|
||||
set_prop(surfaceflinger, public_vendor_system_prop)
|
||||
|
||||
dontaudit surfaceflinger sysfs_msm_subsys:dir search;
|
||||
dontaudit surfaceflinger sysfs_msm_subsys:file r_file_perms;
|
||||
3
sepolicy/vendor/system_server.te
vendored
3
sepolicy/vendor/system_server.te
vendored
@@ -23,3 +23,6 @@ typeattribute system_server system_writes_vendor_properties_violators;
|
||||
set_prop(system_server, public_vendor_system_prop)
|
||||
|
||||
dontaudit system_server self:capability sys_module;
|
||||
|
||||
dontaudit system_server sysfs_msm_subsys:dir search;
|
||||
dontaudit system_server sysfs_msm_subsys:file r_file_perms;
|
||||
Reference in New Issue
Block a user