diff options
author | Treehugger Robot <treehugger-gerrit@google.com> | 2018-04-13 20:44:04 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-04-13 20:44:04 +0000 |
commit | 63b4c05de1dbf99259878194e5f7f872975aedd3 (patch) | |
tree | 8eefa7b55e7bb605411d197382991352dcdebb09 | |
parent | 82ee41e471025be3d4ce161f2b484481b583abde (diff) | |
parent | fac73dd84cf18b1eeebe1868443b55fc2087f99c (diff) | |
download | wahoo-o-mr1-iot-preview-8.tar.gz |
Merge "Handle some diag-related denials."android-o-mr1-iot-preview-8o-mr1-iot-preview-8
-rw-r--r-- | sepolicy/vendor/hal_gnss_qti.te | 2 | ||||
-rw-r--r-- | sepolicy/vendor/qti.te | 2 | ||||
-rw-r--r-- | sepolicy/vendor/radio.te | 5 |
3 files changed, 9 insertions, 0 deletions
diff --git a/sepolicy/vendor/hal_gnss_qti.te b/sepolicy/vendor/hal_gnss_qti.te index d2638aff..2264399b 100644 --- a/sepolicy/vendor/hal_gnss_qti.te +++ b/sepolicy/vendor/hal_gnss_qti.te @@ -32,8 +32,10 @@ allow hal_gnss_qti self:netlink_route_socket { bind create nlmsg_read read write userdebug_or_eng(` allow hal_gnss_qti diag_device:chr_file rw_file_perms; + r_dir_file(hal_gnss_qti, sysfs_diag) ') dontaudit hal_gnss_qti diag_device:chr_file rw_file_perms; +dontaudit hal_gnss_qti sysfs_diag:dir search; # Most HALs are not allowed to use network sockets. Qcom library # libqdi is used across multiple processes which are clients of diff --git a/sepolicy/vendor/qti.te b/sepolicy/vendor/qti.te index e71ac822..be32d8c1 100644 --- a/sepolicy/vendor/qti.te +++ b/sepolicy/vendor/qti.te @@ -17,5 +17,7 @@ r_dir_file(qti, sysfs_msm_subsys) userdebug_or_eng(` allow qti diag_device:chr_file rw_file_perms; + r_dir_file(qti, sysfs_diag) ') dontaudit qti diag_device:chr_file rw_file_perms; +dontaudit qti sysfs_diag:dir search; diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te index bd704c21..b301da2d 100644 --- a/sepolicy/vendor/radio.te +++ b/sepolicy/vendor/radio.te @@ -24,3 +24,8 @@ r_dir_file(radio, sysfs_msm_subsys) allow radio avtimer_device:chr_file r_file_perms; binder_call(radio, hal_imsrtp) + +userdebug_or_eng(` + allow radio diag_device:chr_file rw_file_perms; +') +dontaudit radio diag_device:chr_file rw_file_perms; |