From bff9489c0e6cc821be6fa0344b428b6b9e52aaf7 Mon Sep 17 00:00:00 2001 From: Jasmine Cha Date: Thu, 16 Sep 2021 17:57:33 +0800 Subject: [PATCH] sm7325-common: sepolicy: add permission to request health/sensor data - Add audio hal into hal_health clients - Allow audio hal to find fwk_sensor_hwservice SELinux : avc: denied { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1 SELinux : avc: denied { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1 audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1 audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1 Bug: 199382564 Bug: 199801586 Test: build pass Signed-off-by: Jasmine Cha Change-Id: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2 --- sepolicy/vendor/hal_audio_default.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 sepolicy/vendor/hal_audio_default.te diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te new file mode 100644 index 0000000..1f3705d --- /dev/null +++ b/sepolicy/vendor/hal_audio_default.te @@ -0,0 +1,2 @@ +hal_client_domain(hal_audio_default, hal_health); +allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;