Sepolicy: Add policy rules for untrusted_app context
Add gpu related policy rules for untrusted_app
Addressing the following denial:
type=1400 audit(0.0:593): avc: denied { search } for name="gpu" dev="dm-0"
ino=405 scontext=u:r:untrusted_app:s0:c144,c256,c512,c768
tcontext=u:object_r:vendor_gles_data_file:s0 tclass=dir permissive=0
app=com.android.chrome
Change-Id: Iabbc7bea6f00a055f7f0ea3d2b926225737b99d5
This commit is contained in:
Rahul Janga
committed by
Gerrit - the friendly Code Review server
Gerrit - the friendly Code Review server
parent
6e692787b6
commit
9610a7ef1f
38
generic/vendor/test/untrusted_app.te
vendored
Normal file
38
generic/vendor/test/untrusted_app.te
vendored
Normal file
@@ -0,0 +1,38 @@
|
||||
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
# * Neither the name of The Linux Foundation nor the names of its
|
||||
# contributors may be used to endorse or promote products derived
|
||||
# from this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
||||
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
||||
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
||||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
#allow untrusted_app clients to access configuration settings
|
||||
userdebug_or_eng(`
|
||||
allow untrusted_app sysfs_kgsl:dir search;
|
||||
dontaudit {
|
||||
untrusted_app
|
||||
} sysfs_kgsl:dir read;
|
||||
r_dir_file(untrusted_app, sysfs_kgsl_snapshot);
|
||||
r_dir_file(untrusted_app, vendor_gles_data_file);
|
||||
allow untrusted_app vendor_gles_data_file:dir rw_dir_perms;
|
||||
allow untrusted_app vendor_gles_data_file:file rw_file_perms;
|
||||
')
|
||||
Reference in New Issue
Block a user