From 2e4c437b43615ab2fd0e96627681225a209f12b1 Mon Sep 17 00:00:00 2001 From: TeYuan Wang Date: Wed, 6 Mar 2024 21:28:10 +0000 Subject: [PATCH] sepolicy: allow setprop for thermal_controld selinux denied log: [ 53.774820] type=1400 audit(1709683991.036:9): avc: denied { write } for comm="setprop" name="property_service" dev="tmpfs" ino=842 scontext=u:r:pixel-thermal-control-sh:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 328118301 Test: adb shell getprop vendor.disable.thermalhal.control Change-Id: I590f05d1119d11400b0115fff63b3420790e7332 --- thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te index a6430f1..df699fc 100644 --- a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te +++ b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te @@ -9,5 +9,5 @@ userdebug_or_eng(` allow pixel-thermal-control-sh sysfs_thermal:file rw_file_perms; allow pixel-thermal-control-sh sysfs_thermal:lnk_file r_file_perms; allow pixel-thermal-control-sh thermal_link_device:dir r_dir_perms; - get_prop(pixel-thermal-control-sh, vendor_thermal_prop) + set_prop(pixel-thermal-control-sh, vendor_thermal_prop) ')