From 0c59021e5887202fbfa7305f8ed9d22e48733101 Mon Sep 17 00:00:00 2001 From: Hsiu-Chang Chen Date: Wed, 27 Jul 2022 13:35:04 +0800 Subject: [PATCH] Add sepolicy for hal_wifi_ext 07-27 11:58:09.569 869 869 I auditd : type=1400 audit(0.0:2682598): avc: denied { read } for comm="wifi_ext@1.0-se" name="driverdump" dev="proc" ino=4026535980 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 Bug: 239656339 Test: avc error is gone Change-Id: Icf816897780fecc1bb35696e492e6fa2661abc20 --- vendor/file.te | 3 ++- vendor/genfs_contexts | 1 + vendor/hal_wifi_ext.te | 3 +++ 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/vendor/file.te b/vendor/file.te
index 2553c74..b70b548 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -2,4 +2,5 @@ type vendor_location_data_file, file_type, data_file_type;
 type vendor_location_socket, file_type;
 type vendor_wifi_vendor_data_file, file_type, data_file_type;
 type vendor_wifihal_socket, file_type;
-type vendor_location_sysfs, fs_type, sysfs_type;
\ No newline at end of file
+type vendor_location_sysfs, fs_type, sysfs_type;
+type vendor_proc_wifi_dbg, fs_type, proc_type;
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 9419ac4..dd1b196 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -3,6 +3,7 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u
 # Wifi
 genfscon sysfs /devices/soc0/soc_id u:object_r:vendor_location_sysfs:s0
+genfscon proc /debugdriver/driverdump u:object_r:vendor_proc_wifi_dbg:s0
 # BMS
 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9222 u:object_r:sysfs_wlc:s0
diff --git a/vendor/hal_wifi_ext.te b/vendor/hal_wifi_ext.te
index b26ff32..fbe187d 100644
--- a/vendor/hal_wifi_ext.te
+++ b/vendor/hal_wifi_ext.te
@@ -11,3 +11,6 @@ allow hal_wifi_ext lowi_server:unix_dgram_socket sendto;
 unix_socket_connect(hal_wifi, vendor_location, vendor_location)
 allow hal_wifi_ext vendor_wifihal_socket:dir rw_dir_perms;
 allow hal_wifi_ext vendor_wifihal_socket:sock_file create_file_perms;
+
+# allow hal_wifi to write into /proc/debugdriver/driverdump
+r_dir_file(hal_wifi_ext, vendor_proc_wifi_dbg);
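Review bot: The added comment says hal_wifi may write into /proc/debugdriver/driverdump, but the rule below it is `r_dir_file`, which grants read-only access, and the domain is `hal_wifi_ext`; someone auditing the policy from its comments would get the wrong picture of what is allowed. I would reword it as `# Allow hal_wifi_ext to read the wifi driver dump at /proc/debugdriver/driverdump`. The denial quoted in the commit message is a single `read` with `tclass=file`, and the genfs_contexts hunk labels only that one path, so `allow hal_wifi_ext vendor_proc_wifi_dbg:file r_file_perms;` looks sufficient and avoids the dir and lnk_file permissions the macro also adds. The trailing `;` after the macro call is also inconsistent with the `unix_socket_connect(...)` line in the same file.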