diff options
author | Jyoti Bhayana <jbhayana@google.com> | 2020-07-06 09:37:57 -0700 |
---|---|---|
committer | Jyoti Bhayana <jbhayana@google.com> | 2020-07-06 12:44:44 -0700 |
commit | ea04839825e2c42859078f49a12f783e7659a5f4 (patch) | |
tree | f3033d7d45ce19811c39e78f3e6c5ff276c58935 | |
parent | 49481e786ab0a3909fe2f953bd33d7e8614aa2cc (diff) | |
download | device_google_trout-ea04839825e2c42859078f49a12f783e7659a5f4.tar.gz device_google_trout-ea04839825e2c42859078f49a12f783e7659a5f4.tar.bz2 device_google_trout-ea04839825e2c42859078f49a12f783e7659a5f4.zip |
Adding selinux policy for sensor hal
Bug: 159964102
Test: Build,test that there is no "avc: denied" message for
hal_sensors_default in logcat
Change-Id: I89174ba4da59ba30cf7b31b60b1e13166775827b
-rw-r--r-- | sepolicy/vendor/google/file.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/google/file_contexts | 7 | ||||
-rw-r--r-- | sepolicy/vendor/google/hal_sensors_default.te | 3 |
3 files changed, 11 insertions, 0 deletions
diff --git a/sepolicy/vendor/google/file.te b/sepolicy/vendor/google/file.te new file mode 100644 index 0000000..44f654a --- /dev/null +++ b/sepolicy/vendor/google/file.te @@ -0,0 +1 @@ +type sysfs_iio_file_ctrl, fs_type, sysfs_type; diff --git a/sepolicy/vendor/google/file_contexts b/sepolicy/vendor/google/file_contexts index 2442508..63e7355 100644 --- a/sepolicy/vendor/google/file_contexts +++ b/sepolicy/vendor/google/file_contexts @@ -9,3 +9,10 @@ # Audio Control HAL /vendor/bin/hw/android\.hardware\.audiocontrol@2\.0-service\.trout u:object_r:hal_audiocontrol_impl_exec:s0 + +# Sensor HAL +/sys/bus/iio/devices/iio:device[0-9]+ u:object_r:sysfs_iio_devices:s0 +/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+(/.*)? u:object_r:sysfs_iio_devices:s0 +/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+/[^/]+_sampling_frequency$ u:object_r:sysfs_iio_file_ctrl:s0 +/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+/scan_elements/[^/]+_en$ u:object_r:sysfs_iio_file_ctrl:s0 +/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+/buffer/enable$ u:object_r:sysfs_iio_file_ctrl:s0 diff --git a/sepolicy/vendor/google/hal_sensors_default.te b/sepolicy/vendor/google/hal_sensors_default.te new file mode 100644 index 0000000..e0c6871 --- /dev/null +++ b/sepolicy/vendor/google/hal_sensors_default.te @@ -0,0 +1,3 @@ +r_dir_file(hal_sensors_default, sysfs_iio_devices); +allow hal_sensors_default sysfs_iio_file_ctrl:file rw_file_perms; +allow hal_sensors_default iio_device:chr_file r_file_perms; |