9a7af460a5
avc: denied { read } for name="u:object_r:vendor_chre_hal_prop:s0" dev="tmpfs" ino=401 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_chre_hal_prop:s0 tclass=file permissive=0
avc: denied { find } for pid=900 uid=1021 name=android.hardware.contexthub.IContextHub/default scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:hal_contexthub_service:s0 tclass=service_manager permissive=0
avc: denied { call } for scontext=u:r:hal_gnss_pixel:s0 tcontext=u:r:hal_contexthub_default:s0 tclass=binder permissive=0
avc: denied { call } for scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0
Bug: 316227249
Test: Verify PixelGnss HAL can connect to Chre HAL.
Test: Function test verification b/330120749 without disable selinux.
Test: No avc error log in logcat.
Change-Id: Ia1052dbc14fdbb6287cd0958b30e1a1a116b7a80
22 lines
638 B
Plaintext
22 lines
638 B
Plaintext
type hal_gnss_pixel, domain;
|
|
hal_server_domain(hal_gnss_pixel, hal_gnss)
|
|
|
|
type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(hal_gnss_pixel)
|
|
|
|
#IPC between pixel and vendor HAL
|
|
binder_call(hal_gnss_pixel, hal_gnss_default)
|
|
|
|
#Read modem state
|
|
allow hal_gnss_pixel sysfs_modem_state:file r_file_perms;
|
|
|
|
#Toggle coredump node
|
|
allow hal_gnss_pixel sysfs_gps:file rw_file_perms;
|
|
|
|
# Allow access to CHRE multiclient HAL.
|
|
get_prop(hal_gnss_pixel, vendor_chre_hal_prop)
|
|
|
|
# Allow binder to CHRE.
|
|
binder_call(hal_gnss_pixel, hal_contexthub_default)
|
|
allow hal_gnss_pixel hal_contexthub_service:service_manager find;
|