msm8974-common: sepolicy: Label sysfs_iio, resolve denials

* avc: denied { read } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { open } for name="devices" dev="sysfs" ino=7783
  scontext=u:r:hal_sensors_default:s0
  tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0
* avc: denied { write } for name="length" dev="sysfs" ino=26482
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=file permissive=0
* avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489
  scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=0
* avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0
  tclass=lnk_file permissive=1
* avc: denied { setattr } for name="length" dev="sysfs" ino=26343
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file
  permissive=1

Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
Kevin F. Haggerty 2018-11-16 07:25:43 -07:00
parent 4cea2fcca2
commit 8d6d6a1f00
No known key found for this signature in database
GPG Key ID: 6D95512933112729
4 changed files with 12 additions and 0 deletions


@ -2,6 +2,7 @@ type proc_bt_sleep, fs_type;
type sysfs_camera, fs_type, sysfs_type; type sysfs_camera, fs_type, sysfs_type;
type sysfs_hal_pwr, fs_type, sysfs_type; type sysfs_hal_pwr, fs_type, sysfs_type;
type sysfs_iio, fs_type, sysfs_type;
type sysfs_mdnie, fs_type, sysfs_type; type sysfs_mdnie, fs_type, sysfs_type;
type sysfs_sec, fs_type, sysfs_type; type sysfs_sec, fs_type, sysfs_type;
type sysfs_wifi_writeable, fs_type, sysfs_type; type sysfs_wifi_writeable, fs_type, sysfs_type;


@ -43,5 +43,9 @@
/sys/devices/virtual/graphics/fb0/csc_cfg u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb0/csc_cfg u:object_r:sysfs_graphics:s0
/sys/devices/virtual/lcd/panel(/.*)? u:object_r:sysfs_graphics:s0 /sys/devices/virtual/lcd/panel(/.*)? u:object_r:sysfs_graphics:s0
# sysfs - iio
/sys/bus/iio/devices(/.*)? u:object_r:sysfs_iio:s0
/sys/devices/[a-f0-9]+\.spi/spi_master/spi[0-9]+/spi[0-9]+\.0/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
# sysfs - mdnie # sysfs - mdnie
/sys/devices/virtual/mdnie/mdnie(/.*)? u:object_r:sysfs_mdnie:s0 /sys/devices/virtual/mdnie/mdnie(/.*)? u:object_r:sysfs_mdnie:s0
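Review bot: The device-tree pattern on the second added line ends in `iio:device[0-9](/.*)?`, which matches a single digit only, while every other numeric component on that line uses `[0-9]+`. A node named iio:device10 or higher would therefore not get the sysfs_iio label, and the new allow rules would not apply to it. Writing the tail as `iio:device[0-9]+(/.*)?` keeps the line consistent. The `spi[0-9]+\.0` component also pins chip-select 0, which presumably matches the boards in this family but deserves a one-line comment saying so. Both patterns label the whole device subtree, so every attribute under it becomes sysfs_iio, not only the nodes named in the denials.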


@ -1,2 +1,6 @@
allow hal_sensors_default sysfs_graphics:dir search; allow hal_sensors_default sysfs_graphics:dir search;
allow hal_sensors_default sysfs_graphics:file r_file_perms; allow hal_sensors_default sysfs_graphics:file r_file_perms;
allow hal_sensors_default sysfs_iio:dir r_dir_perms;
allow hal_sensors_default sysfs_iio:file rw_file_perms;
allow hal_sensors_default sysfs_iio:lnk_file read;
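Review bot: `allow hal_sensors_default sysfs_iio:file rw_file_perms;` grants the sensors HAL write access to every file carrying the new label, while the only file denial quoted in the commit message is a write to `length`. Because the label covers the whole iio device subtree, the grant is broader than the logs justify. If the HAL writes only a few control nodes, a separate type for those, with `r_file_perms` on the rest, would stay closer to least privilege. At minimum, a comment such as `# sensors HAL configures the iio buffer (e.g. length) through sysfs` above the three rules would record why write is needed. The HAL denials were logged with permissive=0, so they probably show only the first failure on each path and may not be a complete list of what the HAL touches.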


@ -1,6 +1,9 @@
allow init sysfs_iio:lnk_file read;
allow init sysfs_graphics:file r_file_perms; allow init sysfs_graphics:file r_file_perms;
allow init { allow init {
sysfs_graphics sysfs_graphics
sysfs_iio
sysfs_mdnie sysfs_mdnie
}:file setattr; }:file setattr;