From f57f7914f39357bc226e8ad513cfce6b662073e9 Mon Sep 17 00:00:00 2001 From: "hongxu.zhao" Date: Sat, 18 Jan 2020 10:19:22 +0800 Subject: [PATCH] [ALPS04761129] sensor: high risk sepolicy of mtk_hal_sensors give /sys/class/sensor folder perms for mtk_hal_sensors MTK-Commit-Id: 7d2c08aad389eb68e423d9fa75d5c4f0d514577c Change-Id: I63c5300a31b523de5d4c22ac53e5e03ba8cdd048 CR-Id: ALPS04761129 Feature: Sensor Hub --- non_plat/file.te | 3 +++ non_plat/genfs_contexts | 4 +++- non_plat/mtk_hal_sensors.te | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/non_plat/file.te b/non_plat/file.te index 6f4a647..e44df6c 100644 --- a/non_plat/file.te +++ b/non_plat/file.te @@ -381,3 +381,6 @@ type debugfs_smi_mon, fs_type, debugfs_type; # Date : WK19.34 # Purpose: Android Migration for video codec driver type vcodec_file, file_type, data_file_type; + +# Date : 2019/08/24 +type sysfs_sensor, fs_type, sysfs_type; diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts index e4e3a9f..118dd9e 100644 --- a/non_plat/genfs_contexts +++ b/non_plat/genfs_contexts @@ -214,4 +214,6 @@ genfscon iso9660 / u:object_r:iso9660:s0 genfscon rawfs / u:object_r:rawfs:s0 genfscon fuseblk / u:object_r:fuseblk:s0 - +# 2019/08/24 +genfscon sysfs /class/sensor u:object_r:sysfs_sensor:s0 +genfscon sysfs /devices/virtual/sensor u:object_r:sysfs_sensor:s0 \ No newline at end of file diff --git a/non_plat/mtk_hal_sensors.te b/non_plat/mtk_hal_sensors.te index a0da1ca..51662d9 100644 --- a/non_plat/mtk_hal_sensors.te +++ b/non_plat/mtk_hal_sensors.te @@ -27,7 +27,8 @@ allow mtk_hal_sensors system_file:dir read; allow mtk_hal_sensors system_file:dir open; # sensors input rw access -allow mtk_hal_sensors sysfs:file rw_file_perms; +allow mtk_hal_sensors sysfs_sensor:dir r_dir_perms; +allow mtk_hal_sensors sysfs_sensor:file rw_file_perms; # hal sensor for chr_file allow mtk_hal_sensors hwmsensor_device:chr_file r_file_perms;