Handle some diag-related denials.

This allows the behavior on userdebug and eng builds and hides it on
user builds.

Test: Boot device.
Merged-In: I936f08283bcd03ef88c55b3849f54d2dab5a5d64
Change-Id: I2b9df0f941b25c7813bf2410e94e14f24a7915a6
diff --git a/sepolicy/vendor/hal_gnss_qti.te b/sepolicy/vendor/hal_gnss_qti.te
index d2638af..2264399 100644
--- a/sepolicy/vendor/hal_gnss_qti.te
+++ b/sepolicy/vendor/hal_gnss_qti.te
@@ -32,8 +32,10 @@
 
 userdebug_or_eng(`
   allow hal_gnss_qti diag_device:chr_file rw_file_perms;
+  r_dir_file(hal_gnss_qti, sysfs_diag)
 ')
 dontaudit hal_gnss_qti diag_device:chr_file rw_file_perms;
+dontaudit hal_gnss_qti sysfs_diag:dir search;
 
 # Most HALs are not allowed to use network sockets. Qcom library
 # libqdi is used across multiple processes which are clients of
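Review bot: The two `dontaudit` lines for hal_gnss_qti sit outside `userdebug_or_eng` with no comment explaining why the denial is expected, so on user builds a diag access attempt from this domain leaves no audit record at all. A line such as `# diag is debug-only; the denial on user builds is expected and intentionally not audited` above the `userdebug_or_eng` block would record the intent for whoever later triages missing AVC logs. Also, `r_dir_file(hal_gnss_qti, sysfs_diag)` grants read on directories, files and symlinks, while the suppressed denial is only `sysfs_diag:dir search`. If `search` was the only denial observed, it is worth confirming the wider read set is actually needed on debug builds. The same two points apply to the qti.te hunk.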
diff --git a/sepolicy/vendor/qti.te b/sepolicy/vendor/qti.te
index e71ac82..be32d8c 100644
--- a/sepolicy/vendor/qti.te
+++ b/sepolicy/vendor/qti.te
@@ -17,5 +17,7 @@
 
 userdebug_or_eng(`
   allow qti diag_device:chr_file rw_file_perms;
+  r_dir_file(qti, sysfs_diag)
 ')
 dontaudit qti diag_device:chr_file rw_file_perms;
+dontaudit qti sysfs_diag:dir search;
diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te
index bd704c2..b301da2 100644
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -24,3 +24,8 @@
 allow radio avtimer_device:chr_file r_file_perms;
 
 binder_call(radio, hal_imsrtp)
+
+userdebug_or_eng(`
+  allow radio diag_device:chr_file rw_file_perms;
+')
+dontaudit radio diag_device:chr_file rw_file_perms;
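Review bot: The new `allow radio diag_device:chr_file rw_file_perms;` has no comment naming the component that opens the diag node, and `radio` is a broader grantee than the HAL domains in the other two files (in AOSP policy it is the telephony app domain). A comment such as `# <library or service> logs via diag on debug builds only` would make the grant reviewable. It is also worth confirming from the original denial that write access is needed rather than just the permissions that were logged. As in the other files, the unconditional `dontaudit` removes the audit trail for this access on user builds, which deserves a comment of its own.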