From 7ad58f9629dbcd9fa4b85dd8b0f69d08b5c44253 Mon Sep 17 00:00:00 2001
From: SGCMarkus
Date: Wed, 9 Mar 2022 22:49:45 +0100
Subject: [PATCH] sm8250-common: sepolicy: allow vendor_file execute_no_trans

In some cases vendor_init_fingerprint, vendor_init_hw, and vendor_qti_init_shell were not allowed to execute setprop/getprop This caused ril and fingerprint, as well as partially sensors to fail.
Log:
avc: denied { execute_no_trans } for pid=613 comm="init.oem.hw.sh" path="/vendor/bin/setprop" dev="overlay" ino=32565 scontext=u:r:vendor_init_hw:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
avc: denied { execute_no_trans } for comm="init.qcom.early" path="/vendor/bin/getprop" dev="overlay" ino=34132 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
avc: denied { execute_no_trans } for comm="init.oem.finger" path="/vendor/bin/getprop" dev="overlay" ino=34132 scontext=u:r:vendor_init_fingerprint:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
avc: denied { execute_no_trans } for comm="init.qcom.post_" path="/vendor/bin/getprop" dev="overlay" ino=34132 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
---
 sepolicy/vendor/vendor_init_fingerprint.te | 2 ++
 sepolicy/vendor/vendor_init_hw.te | 2 ++
 sepolicy/vendor/vendor_qti_init_shell.te | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/sepolicy/vendor/vendor_init_fingerprint.te b/sepolicy/vendor/vendor_init_fingerprint.te
index eccc602..743ef31 100644
--- a/sepolicy/vendor/vendor_init_fingerprint.te
+++ b/sepolicy/vendor/vendor_init_fingerprint.te
@@ -11,3 +11,5 @@ allow vendor_init_fingerprint mnt_vendor_file:dir search;
 set_prop(vendor_init_fingerprint, ctl_start_prop)
 set_prop(vendor_init_fingerprint, vendor_mot_fingerprint_prop)
+
+allow vendor_init_fingerprint vendor_file:file execute_no_trans;
\ No newline at end of file
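Review bot: The added `allow vendor_init_fingerprint vendor_file:file execute_no_trans;` is scoped to the generic `vendor_file` type, so it permits running any vendor binary that carries that default label without a domain transition, not only the `/vendor/bin/getprop` and `/vendor/bin/setprop` named in the logged denials; the same rule is added for `vendor_init_hw` and `vendor_qti_init_shell` in the other two hunks. The denials report both binaries on `dev="overlay"` with the `vendor_file` label, which suggests (not verifiable from this patch) that they lack a specific entry in file_contexts. If they can be labelled, for instance with the `vendor_toolbox_exec` type that vendor_init_hw.te already allows through `rx_file_perms`, each rule could name that type instead, e.g. `allow vendor_init_fingerprint vendor_toolbox_exec:file rx_file_perms;`. If the broad rule stays, a comment above it such as `# getprop/setprop in /vendor/bin are labelled vendor_file (see denials in commit message)` would record why it exists, and all three files now end without a trailing newline.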
diff --git a/sepolicy/vendor/vendor_init_hw.te b/sepolicy/vendor/vendor_init_hw.te
index 4f453f6..d8c99ef 100644
--- a/sepolicy/vendor/vendor_init_hw.te
+++ b/sepolicy/vendor/vendor_init_hw.te
@@ -13,3 +13,5 @@ allow vendor_init_hw vendor_toolbox_exec:file rx_file_perms;
 set_prop(vendor_init_hw, vendor_mot_hw_prop)
 set_prop(vendor_init_hw, vendor_mot_touch_prop)
+
+allow vendor_init_hw vendor_file:file execute_no_trans;
\ No newline at end of file
diff --git a/sepolicy/vendor/vendor_qti_init_shell.te b/sepolicy/vendor/vendor_qti_init_shell.te
index 7b789ed..5aeed81 100644
--- a/sepolicy/vendor/vendor_qti_init_shell.te
+++ b/sepolicy/vendor/vendor_qti_init_shell.te
@@ -2,3 +2,5 @@ allow vendor_qti_init_shell configfs:dir create_dir_perms;
 allow vendor_qti_init_shell configfs:file create_file_perms;
 allow vendor_qti_init_shell configfs:lnk_file create_file_perms;
 allow vendor_qti_init_shell proc_page_cluster:file w_file_perms;
+
+allow vendor_qti_init_shell vendor_file:file execute_no_trans;
\ No newline at end of file