From af745fc21ce7e4809e50cd6d8be71a1005e69cf0 Mon Sep 17 00:00:00 2001
From: chrisl7
Date: Tue, 22 Aug 2023 23:17:13 +0000
Subject: [PATCH] sm6375-common: sepolicy: Set stflashtool prop correctly
06-22 19:23:59.519 608 608 I auditd : type=1400 audit(0.0:17): avc: denied { read } for comm="STFlashTool" name="u:object_r:nfc_prop:s0" dev="tmpfs" ino=11923 scontext=u:r:stflashtool:s0 tcontext=u:object_r:nfc_prop:s0 tclass=file permissive=0
06-22 19:23:59.599 1 1 I auditd : type=1107 audit(0.0:18): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=nfc.fw.dnld_force pid=608 uid=1027 gid=1027 scontext=u:r:stflashtool:s0 tcontext=u:object_r:nfc_prop:s0 tclass=property_service permissive=0'
Signed-off-by: chrisl7
---
 sepolicy/vendor/hal_nfc_default.te | 2 ++
 sepolicy/vendor/property.te | 3 +++
 sepolicy/vendor/property_contexts | 2 +-
 sepolicy/vendor/stflashtool.te | 4 ++--
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/sepolicy/vendor/hal_nfc_default.te b/sepolicy/vendor/hal_nfc_default.te
index 03077c6..0ba4e8a 100644
--- a/sepolicy/vendor/hal_nfc_default.te
+++ b/sepolicy/vendor/hal_nfc_default.te
@@ -2,3 +2,5 @@ allow hal_nfc_default vendor_nfc_vendor_data_file:dir { search write };
 allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
 allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;
+
+set_prop(hal_nfc_default, vendor_nfc_prop)
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index c38e9ab..63d6625 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -10,5 +10,8 @@ vendor_internal_prop(vendor_thermal_normal_prop)
 # IMEI
 vendor_internal_prop(vendor_deviceid_prop);
+# NFC
+vendor_internal_prop(vendor_nfc_prop)
+
 # Serial number
 vendor_internal_prop(vendor_sno_prop);
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 2191401..356ebaa 100644
--- a/sepolicy/vendor/property_contexts
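Review bot: The added `set_prop(hal_nfc_default, vendor_nfc_prop)` in hal_nfc_default.te gives the NFC HAL write access that the commit message does not justify: both quoted denials have scontext `stflashtool`, and neither names hal_nfc_default. The only property this commit labels `vendor_nfc_prop` is `ro.vendor.nfc.repair`, so if the HAL only reads it, `get_prop(hal_nfc_default, vendor_nfc_prop)` is the least-privilege rule. If the HAL really does write the property, quoting that denial in the commit message would make the grant auditable.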
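Review bot: Declaring `vendor_nfc_prop` with `vendor_internal_prop` in property.te narrows who may read `ro.vendor.nfc.repair`, which the property_contexts hunk of this commit moves off `vendor_public_vendor_default_prop`. Judging by the old type's name, the property was previously readable more widely; any reader other than the two domains granted access in this patch (hal_nfc_default and stflashtool) would now get a read denial, so confirm there is none, or declare the type with `vendor_restricted_prop` or `vendor_public_prop` instead. The section comment could record the intent, e.g. `# NFC (vendor-only: hal_nfc_default, stflashtool)`. As a style point, the new declaration omits the trailing `;` that the neighbouring `vendor_deviceid_prop` and `vendor_sno_prop` lines carry.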
+++ b/sepolicy/vendor/property_contexts
@@ -29,7 +29,7 @@ persist.vendor.sys.pay. u:object_r:vendor_tee_listener_prop:s0
 persist.vendor.sys.provision.status u:object_r:vendor_tee_listener_prop:s0
 # NFC
-ro.vendor.nfc.repair u:object_r:vendor_public_vendor_default_prop:s0
+ro.vendor.nfc.repair u:object_r:vendor_nfc_prop:s0
 # RIL
 odm.ril.radio.status. u:object_r:vendor_radio_prop:s0
diff --git a/sepolicy/vendor/stflashtool.te b/sepolicy/vendor/stflashtool.te
index 7436272..a5feae0 100644
--- a/sepolicy/vendor/stflashtool.te
+++ b/sepolicy/vendor/stflashtool.te
@@ -4,7 +4,7 @@ type stflashtool_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(stflashtool)
 allow stflashtool nfc_device:chr_file {ioctl read write getattr lock append map open watch watch_reads};
-allow stflashtool vendor_nfc_nq_prop:file { read getattr open map };
 get_prop(stflashtool, vendor_radio_prop)
-set_prop(stflashtool, vendor_nfc_nq_prop)
+get_prop(stflashtool, vendor_nfc_prop)
+set_prop(stflashtool, vendor_nfc_prop)
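Review bot: The relabel in property_contexts covers only `ro.vendor.nfc.repair`, while the set denial quoted in the commit message is for `nfc.fw.dnld_force` with tcontext `nfc_prop`. Nothing in the visible hunks maps that property to `vendor_nfc_prop` or grants stflashtool anything on `nfc_prop`, so both quoted denials would presumably still be logged after this change. Either the tool should use a vendor-namespaced property that gets its own entry in this file, or the commit message should state that the `nfc_prop` denials are expected and deliberately left denied.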
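Review bot: `get_prop(stflashtool, vendor_nfc_prop)` in stflashtool.te is redundant next to `set_prop(stflashtool, vendor_nfc_prop)`, because the `set_prop` macro already expands to include `get_prop` for the same type; the `set_prop` line alone is enough. The one property this commit labels `vendor_nfc_prop` is `ro.vendor.nfc.repair`, and an `ro.` property can be written only once per boot, so with hal_nfc_default also given set access the first writer wins. A one-line comment above the rule naming which domain is meant to write the property would make that ordering assumption explicit for the next reader.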