From 8d8e513025c98de936a4bd6f9db667009ead91a6 Mon Sep 17 00:00:00 2001 From: Jonas Lai Date: Sat, 18 Jan 2020 10:18:07 +0800 Subject: [PATCH] [ALPS04314391] sepolicy: aee_aedv/dumpstate access to camerahalserver Allow aee_aedv/dumpstate to dump debug info from camerahalserver. - SELinux : avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider sid=u:r:aee_aedv:s0 pid=23819 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager permissive=0 MTK-Commit-Id: 18210cf3984bd62caa334f28e45bb0f99500bac8 Change-Id: I291450101bd0ea94fca47b592cb1ef7ffb7f1ae4 CR-Id: ALPS04314391 Feature: [Android Default] Camera Application Basic Functions --- non_plat/aee_aedv.te | 3 ++- plat_private/dumpstate.te | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te index 80486c2..65251e0 100644 --- a/non_plat/aee_aedv.te +++ b/non_plat/aee_aedv.te @@ -297,7 +297,8 @@ get_prop(aee_aedv, hwservicemanager_prop) # - avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=2956 # scontext=u:r:aee_aedv:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager # - Transaction error in ICameraProvider::debug: Status(EX_TRANSACTION_FAILED) -#allow aee_aedv hal_camera_hwservice:hwservice_manager { find }; +hal_client_domain(aee_aedv, hal_camera) +allow aee_aedv hal_camera_hwservice:hwservice_manager { find }; binder_call(aee_aedv, mtk_hal_camera) # Purpose: allow aee to read /sys/fs/selinux/enforce to get selinux status diff --git a/plat_private/dumpstate.te b/plat_private/dumpstate.te index a6f49c2..fb1ffaa 100644 --- a/plat_private/dumpstate.te +++ b/plat_private/dumpstate.te @@ -39,7 +39,8 @@ allow dumpstate gpu_device:dir search; # Purpose: 01-01 08:30:57.474 286 286 E SELinux : avc: denied { find } for interface= # android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext= # u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager -#allow dumpstate hal_camera_hwservice:hwservice_manager find; +hal_client_domain(dumpstate, hal_camera) +allow dumpstate hal_camera_hwservice:hwservice_manager find; #Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };')