From 241d26082876e2aea4397561c6b805ff0fdb4811 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty"
Date: Sun, 25 Nov 2018 15:28:31 -0700
Subject: [PATCH] msm8974-common: sepolicy: Update sysfs_mdnie, resolve denials
* avc: denied { setattr } for name="scenario" dev="sysfs" ino=12753 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_mdnie:s0 tclass=file permissive=0
* avc: denied { search } for name="mdnie" dev="sysfs" ino=12743i scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_mdnie:s0 tclass=dir permissive=0
Change-Id: I4a0530136d7d1e6ee8ede0733e70de813382372b
---
 sepolicy/common/file_contexts | 8 ++------
 sepolicy/common/init.te | 1 +
 sepolicy/common/system_app.te | 1 +
 3 files changed, 4 insertions(+), 6 deletions(-)
 create mode 100644 sepolicy/common/init.te
diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts
index b844035..2ec0e36 100644
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@@ -37,9 +37,5 @@
 /sys/module/dhd/parameters/firmware_path u:object_r:sysfs_wifi_writeable:s0
 /sys/module/dhd/parameters/nvram_path u:object_r:sysfs_wifi_writeable:s0
-# mdnie sysfs
-/sys/devices/virtual/lcd/panel/panel/auto_brightness u:object_r:sysfs_mdnie:s0
-/sys/devices/virtual/mdnie/mdnie/accessibility u:object_r:sysfs_mdnie:s0
-/sys/devices/virtual/mdnie/mdnie/mode u:object_r:sysfs_mdnie:s0
-/sys/devices/virtual/mdnie/mdnie/outdoor u:object_r:sysfs_mdnie:s0
-/sys/devices/virtual/mdnie/mdnie/scenario u:object_r:sysfs_mdnie:s0
+# sysfs - mdnie
+/sys/devices/virtual/mdnie/mdnie(/.*)? u:object_r:sysfs_mdnie:s0
diff --git a/sepolicy/common/init.te b/sepolicy/common/init.te
new file mode 100644
index 0000000..28fce7a
--- /dev/null
+++ b/sepolicy/common/init.te
@@ -0,0 +1 @@
+allow init sysfs_mdnie:file setattr;
diff --git a/sepolicy/common/system_app.te b/sepolicy/common/system_app.te
index 5bce4cf..9aa08bc 100644
--- a/sepolicy/common/system_app.te
+++ b/sepolicy/common/system_app.te
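Review bot: In sepolicy/common/file_contexts the new pattern `/sys/devices/virtual/mdnie/mdnie(/.*)?` labels every node under that directory as sysfs_mdnie, where the removed entries named four files. The existing `allow system_app sysfs_mdnie:file rw_file_perms;` in system_app.te and the new `allow init sysfs_mdnie:file setattr;` in init.te therefore now reach any other node the driver exposes there. If the directory label is all the `search` denial needs, a narrower option is a plain `/sys/devices/virtual/mdnie/mdnie u:object_r:sysfs_mdnie:s0` entry next to the four file entries; otherwise a comment such as `# whole mdnie dir on purpose: system_app may write every node below it` would record that the widening is deliberate. The hunk also drops the label for `/sys/devices/virtual/lcd/panel/panel/auto_brightness` without mention in the commit message; presumably it falls back to the default sysfs label, so it is worth confirming no domain still depends on sysfs_mdnie access to it.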
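Review bot: The new sepolicy/common/init.te holds a bare rule with no comment saying which init action needs it; the denial quoted in the commit message names only `scenario`. A one-line comment above `allow init sysfs_mdnie:file setattr;`, for example `# init sets attributes on mdnie sysfs nodes (denial seen on "scenario")`, would let a later reader tell when the rule can be dropped. Presumably the access comes from a chown/chmod in an init .rc file, which is not visible in this patch.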
@@ -1 +1,2 @@
+allow system_app sysfs_mdnie:dir search;
 allow system_app sysfs_mdnie:file rw_file_perms;