msm8974-common: sepolicy: Label sysfs_iio, resolve denials

* avc: denied { read } for name="devices" dev="sysfs" ino=7783 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0 * avc: denied { open } for name="devices" dev="sysfs" ino=7783 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=dir permissive=0 * avc: denied { write } for name="length" dev="sysfs" ino=26482 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file permissive=0 * avc: denied { read } for name="iio:device1" dev="sysfs" ino=26489 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=lnk_file permissive=0 * avc: denied { read } for name="iio:device0" dev="sysfs" ino=26350 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=lnk_file permissive=1 * avc: denied { setattr } for name="length" dev="sysfs" ino=26343 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_iio:s0 tclass=file permissive=1 Change-Id: If9b3e9efe4f7c6eec3faf973e0b7aebd96d76ef3
2018-11-16 07:25:43 -07:00 · 2018-11-16 07:25:43 -07:00 · 8d6d6a1f00
commit 8d6d6a1f00
parent 4cea2fcca2
4 changed files with 12 additions and 0 deletions
--- a/sepolicy/common/file.te
+++ b/sepolicy/common/file.te
@ -2,6 +2,7 @@ type proc_bt_sleep, fs_type;

 type sysfs_camera, fs_type, sysfs_type;
 type sysfs_hal_pwr, fs_type, sysfs_type;
+type sysfs_iio, fs_type, sysfs_type;
 type sysfs_mdnie, fs_type, sysfs_type;
 type sysfs_sec, fs_type, sysfs_type;
 type sysfs_wifi_writeable, fs_type, sysfs_type;
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@ -43,5 +43,9 @@
 /sys/devices/virtual/graphics/fb0/csc_cfg               u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/lcd/panel(/.*)?                    u:object_r:sysfs_graphics:s0

+# sysfs - iio
+/sys/bus/iio/devices(/.*)?                                                          u:object_r:sysfs_iio:s0
+/sys/devices/[a-f0-9]+\.spi/spi_master/spi[0-9]+/spi[0-9]+\.0/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0
+
 # sysfs - mdnie
 /sys/devices/virtual/mdnie/mdnie(/.*)?                  u:object_r:sysfs_mdnie:s0
--- a/sepolicy/common/hal_sensors_default.te
+++ b/sepolicy/common/hal_sensors_default.te
@ -1,2 +1,6 @@
 allow hal_sensors_default sysfs_graphics:dir search;
 allow hal_sensors_default sysfs_graphics:file r_file_perms;
+
+allow hal_sensors_default sysfs_iio:dir r_dir_perms;
+allow hal_sensors_default sysfs_iio:file rw_file_perms;
+allow hal_sensors_default sysfs_iio:lnk_file read;
--- a/sepolicy/common/init.te
+++ b/sepolicy/common/init.te
@ -1,6 +1,9 @@
+allow init sysfs_iio:lnk_file read;
+
 allow init sysfs_graphics:file r_file_perms;

 allow init {
    sysfs_graphics
+    sysfs_iio
    sysfs_mdnie
 }:file setattr;