sdm710-common: sepolicy: Address thermal-engine denials

* <Q blobs require broader sysfs access and we don't
  want to relabel stuff like /sys/class/kgsl.

Resolves:
I auditd  : type=1400 audit(0.0:37): avc: denied { read } for comm="thermal-engine" name="kgsl" dev="sysfs" ino=45578 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0

Change-Id: I6a821da53686eba33990ae231ccae700de2d7391
LuK1337
2020-03-28 17:08:22 +01:00
committed by Ivan Vecera
parent 17dda4226e
commit 0e6d050fdd

@@ -4,4 +4,8 @@ allow thermal-engine thermal_data_file:file create_file_perms;
allow thermal-engine self:capability { chown fowner }; allow thermal-engine self:capability { chown fowner };
allow thermal-engine sysfs_devfreq:dir r_dir_perms; allow thermal-engine sysfs_devfreq:dir r_dir_perms;
# Allow thermal-engine to read files in /sys because <Q blobs require broader
# sysfs access and we don't want to relabel stuff like /sys/class/kgsl
r_dir_file(thermal-engine, sysfs)
set_prop(thermal-engine, vendor_thermal_normal_prop) set_prop(thermal-engine, vendor_thermal_normal_prop)
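
Review bot: `r_dir_file(thermal-engine, sysfs)` on the added line grants read on every directory, file and symlink that carries the generic `sysfs` label, while the only denial quoted in the commit message is `{ read }` on the `kgsl` directory (`tclass=dir`). If relabeling is ruled out, consider granting just what the log shows, for example `allow thermal-engine sysfs:dir r_dir_perms;`, and adding file read only once a file-class denial is actually recorded. The comment would also help later audits if it listed the sysfs paths the <Q blobs are known to touch, so the rule can be narrowed or dropped when those blobs are retired.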