diff options
| author | mikeyuewang <mikeyuewang@google.com> | 2023-08-31 00:38:17 +0000 |
|---|---|---|
| committer | Mike Wang <mikeyuewang@google.com> | 2023-09-28 15:22:00 +0000 |
| commit | 1ee598d5d239566cbf1c2569ba2628efa0d56746 (patch) | |
| tree | be851bc3d46c8f82d5d8554425441ecee0f5a954 | |
| parent | 64c085cfabf14f56c21bf620e9eb0de1774842ad (diff) | |
| download | zuma-sepolicy-1ee598d5d239566cbf1c2569ba2628efa0d56746.tar.gz | |
Grant the MDS access to the IPowerStats hal service.
ref logs:
09-06 10:07:18.006 536 536 I auditd : avc: denied { find } for pid=22543 uid=10225 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1
09-06 10:07:18.010 22543 22543 I auditd : type=1400 audit(0.0:65): avc: denied { call } for comm="pool-4-thread-1" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=1 app=com.google.mds
Test: Tested with MDS app and the MDS can get IPowerStats binder and
call the interface.
Bug: 297250368
Change-Id: I7b0eeabdafb49eb33d8016666f9c02f2616f898d
| -rw-r--r-- | radio/modem_diagnostic_app.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index 8c4a0ca..b5cce03 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -7,6 +7,8 @@ allow modem_diagnostic_app app_api_service:service_manager find; allow modem_diagnostic_app radio_service:service_manager find; userdebug_or_eng(` + hal_client_domain(modem_diagnostic_app, hal_power_stats); + binder_call(modem_diagnostic_app, dmd) set_prop(modem_diagnostic_app, vendor_cbd_prop) |