tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sepolicy: allow surfaceflinger to set surfaceflinger_display_prop

Browse source 
W//system/bin/init: type=1107 audit(0.0:51): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set }
for property=graphics.display.kernel_idle_timer.enabled pid=643
uid=1000 gid=1003 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:surfaceflinger_display_prop:s0
tclass=property_service permissive=0

Bug: 157513573
Test: surfaceflinger can set graphics.display.kernel_idle_timer.enabled
Test: vendor_init can get graphics.display.kernel_idle_timer.enabled
Change-Id: I78023a7857c8aa81a8863010b875bcb885bae614
Merged-In: I78023a7857c8aa81a8863010b875bcb885bae614
Merged-In: Ic26874a74b10b13539846de33b3a8aa745c9841a
This commit is contained in:
Midas Chien 2020-06-17 22:13:21 +08:00 committed by Ady Abraham
parent cd2996d1e1
commit 58fc40a8ba
10 changed files with 10 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
prebuilts/api/30.0/private/property_contexts
View file

@ -264,5 +264,5 @@ init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_p
init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
# vendor-init-settable # surfaceflinger-settable
graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool

4
prebuilts/api/30.0/private/surfaceflinger.te
View file

@ -57,9 +57,7 @@ set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported2_system_prop) set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop) set_prop(surfaceflinger, ctl_bootanim_prop)
set_prop(surfaceflinger, surfaceflinger_display_prop)
# Get properties
get_prop(surfaceflinger, surfaceflinger_display_prop)
# Use open files supplied by an app. # Use open files supplied by an app.
allow surfaceflinger appdomain:fd use; allow surfaceflinger appdomain:fd use;

2
prebuilts/api/30.0/private/system_app.te
View file

@ -57,8 +57,6 @@ auditallow system_app system_radio_prop:property_service set;
auditallow system_app exported_system_radio_prop:property_service set; auditallow system_app exported_system_radio_prop:property_service set;
# Allow Settings to enable Dynamic System Update # Allow Settings to enable Dynamic System Update
set_prop(system_app, dynamic_system_prop) set_prop(system_app, dynamic_system_prop)
# Allow Settings to config display kernel idle timer
set_prop(system_app, surfaceflinger_display_prop)
# ctl interface # ctl interface
set_prop(system_app, ctl_default_prop) set_prop(system_app, ctl_default_prop)

5
prebuilts/api/30.0/public/property.te
View file

@ -77,6 +77,7 @@ system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(restorecon_prop) system_restricted_prop(restorecon_prop)
system_restricted_prop(socket_hook_prop) system_restricted_prop(socket_hook_prop)
system_restricted_prop(surfaceflinger_display_prop)
system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop) system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(userspace_reboot_exported_prop) system_restricted_prop(userspace_reboot_exported_prop)
@ -168,7 +169,6 @@ system_public_prop(ota_prop)
system_public_prop(powerctl_prop) system_public_prop(powerctl_prop)
system_public_prop(radio_prop) system_public_prop(radio_prop)
system_public_prop(serialno_prop) system_public_prop(serialno_prop)
system_public_prop(surfaceflinger_display_prop)
system_public_prop(system_prop) system_public_prop(system_prop)
system_public_prop(wifi_log_prop) system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop) system_public_prop(wifi_prop)
@ -614,8 +614,7 @@ neverallow {
neverallow { neverallow {
-init -init
-vendor_init -surfaceflinger
-system_app
} { } {
surfaceflinger_display_prop surfaceflinger_display_prop
}:property_service set; }:property_service set;

2
prebuilts/api/30.0/public/vendor_init.te
View file

@ -236,7 +236,6 @@ set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop) set_prop(vendor_init, serialno_prop)
set_prop(vendor_init, storage_config_prop) set_prop(vendor_init, storage_config_prop)
set_prop(vendor_init, surfaceflinger_display_prop)
set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop) set_prop(vendor_init, vendor_default_prop)
@ -247,6 +246,7 @@ set_prop(vendor_init, wifi_log_prop)
get_prop(vendor_init, exported2_radio_prop) get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop) get_prop(vendor_init, exported3_system_prop)
get_prop(vendor_init, surfaceflinger_display_prop)
get_prop(vendor_init, theme_prop) get_prop(vendor_init, theme_prop)
get_prop(vendor_init, ota_prop) get_prop(vendor_init, ota_prop)

2
private/property_contexts
View file

@ -264,5 +264,5 @@ init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_p
init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
# vendor-init-settable # surfaceflinger-settable
graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool

4
private/surfaceflinger.te
View file

@ -57,9 +57,7 @@ set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported2_system_prop) set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop) set_prop(surfaceflinger, ctl_bootanim_prop)
set_prop(surfaceflinger, surfaceflinger_display_prop)
# Get properties
get_prop(surfaceflinger, surfaceflinger_display_prop)
# Use open files supplied by an app. # Use open files supplied by an app.
allow surfaceflinger appdomain:fd use; allow surfaceflinger appdomain:fd use;

2
private/system_app.te
View file

@ -57,8 +57,6 @@ auditallow system_app system_radio_prop:property_service set;
auditallow system_app exported_system_radio_prop:property_service set; auditallow system_app exported_system_radio_prop:property_service set;
# Allow Settings to enable Dynamic System Update # Allow Settings to enable Dynamic System Update
set_prop(system_app, dynamic_system_prop) set_prop(system_app, dynamic_system_prop)
# Allow Settings to config display kernel idle timer
set_prop(system_app, surfaceflinger_display_prop)
# ctl interface # ctl interface
set_prop(system_app, ctl_default_prop) set_prop(system_app, ctl_default_prop)

5
public/property.te
View file

@ -77,6 +77,7 @@ system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(restorecon_prop) system_restricted_prop(restorecon_prop)
system_restricted_prop(socket_hook_prop) system_restricted_prop(socket_hook_prop)
system_restricted_prop(surfaceflinger_display_prop)
system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop) system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(userspace_reboot_exported_prop) system_restricted_prop(userspace_reboot_exported_prop)
@ -168,7 +169,6 @@ system_public_prop(ota_prop)
system_public_prop(powerctl_prop) system_public_prop(powerctl_prop)
system_public_prop(radio_prop) system_public_prop(radio_prop)
system_public_prop(serialno_prop) system_public_prop(serialno_prop)
system_public_prop(surfaceflinger_display_prop)
system_public_prop(system_prop) system_public_prop(system_prop)
system_public_prop(wifi_log_prop) system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop) system_public_prop(wifi_prop)
@ -614,8 +614,7 @@ neverallow {
neverallow { neverallow {
-init -init
-vendor_init -surfaceflinger
-system_app
} { } {
surfaceflinger_display_prop surfaceflinger_display_prop
}:property_service set; }:property_service set;

2
public/vendor_init.te
View file

@ -236,7 +236,6 @@ set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop) set_prop(vendor_init, serialno_prop)
set_prop(vendor_init, storage_config_prop) set_prop(vendor_init, storage_config_prop)
set_prop(vendor_init, surfaceflinger_display_prop)
set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop) set_prop(vendor_init, vendor_default_prop)
@ -247,6 +246,7 @@ set_prop(vendor_init, wifi_log_prop)
get_prop(vendor_init, exported2_radio_prop) get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop) get_prop(vendor_init, exported3_system_prop)
get_prop(vendor_init, surfaceflinger_display_prop)
get_prop(vendor_init, theme_prop) get_prop(vendor_init, theme_prop)
get_prop(vendor_init, ota_prop) get_prop(vendor_init, ota_prop)