From d5e44df4bb934f337d2e987b2e088b46af4173f0 Mon Sep 17 00:00:00 2001 From: Yen-Chao Chen Date: Tue, 2 May 2023 14:35:08 +0800 Subject: [PATCH] touch: provide permission for TouchInspector app avc: denied { write } for name="driver_test" dev="proc" ino=4026535975 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { open } for path="/proc/fts/driver_test" dev="proc" ino=4026535975 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { getattr } for path="/proc/fts/driver_test" dev="proc" ino=4026535975 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector avc: denied { read } for name="driver_test" dev="proc" ino=4026535975 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1 app=com.google.touch.touchinspector Bug: 279675034 Test: trigger touch calibration by the app. Change-Id: Ib1621aa0fd3f10c2e12d7ec8930908ca77c615bb Signed-off-by: Yen-Chao Chen --- touch/touchinspector/sepolicy/file.te | 3 +++ touch/touchinspector/sepolicy/google_touch_app.te | 9 +++++++++ touch/touchinspector/sepolicy/seapp_contexts | 2 ++ touch/touchinspector/touchinspector.mk | 3 +++ 4 files changed, 17 insertions(+) create mode 100644 touch/touchinspector/sepolicy/file.te create mode 100644 touch/touchinspector/sepolicy/google_touch_app.te create mode 100644 touch/touchinspector/sepolicy/seapp_contexts create mode 100644 touch/touchinspector/touchinspector.mk diff --git a/touch/touchinspector/sepolicy/file.te b/touch/touchinspector/sepolicy/file.te new file mode 100644 index 0000000..f9468a0 --- /dev/null +++ b/touch/touchinspector/sepolicy/file.te @@ -0,0 +1,3 @@ +userdebug_or_eng(` + typeattribute proc_touch mlstrustedobject; +') diff --git a/touch/touchinspector/sepolicy/google_touch_app.te b/touch/touchinspector/sepolicy/google_touch_app.te new file mode 100644 index 0000000..0c6928d --- /dev/null +++ b/touch/touchinspector/sepolicy/google_touch_app.te @@ -0,0 +1,9 @@ +type google_touch_app, domain; + +userdebug_or_eng(` + app_domain(google_touch_app) + + allow google_touch_app app_api_service:service_manager find; + + allow google_touch_app proc_touch:file rw_file_perms; +') diff --git a/touch/touchinspector/sepolicy/seapp_contexts b/touch/touchinspector/sepolicy/seapp_contexts new file mode 100644 index 0000000..659caf4 --- /dev/null +++ b/touch/touchinspector/sepolicy/seapp_contexts @@ -0,0 +1,2 @@ +# Touch app +user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user diff --git a/touch/touchinspector/touchinspector.mk b/touch/touchinspector/touchinspector.mk new file mode 100644 index 0000000..d17d8dc --- /dev/null +++ b/touch/touchinspector/touchinspector.mk @@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/touchinspector/sepolicy + +PRODUCT_PACKAGES_DEBUG += TouchInspector