Allow init to create & write to vibrator/trigger.

The write is here: https://android.googlesource.com/platform/system/core/+/master/rootdir/init.rc#257.

Denials (on a device with the sysfs_vibrator label properly applied):
denied { write } for name="vibrator" dev="sysfs" ino=49613 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=dir
denied { write } for name="trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file
denied { open } for path="/sys/devices/<redacted>/vibrator/trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file

Bug: b/72643420
Test: Device boots, denials gone

Change-Id: Ib50d9a8533303daccb1330685e3204bea3fbd8a8
Alan Stokes 2018-02-23 18:20:31 +00:00
parent f98cd4faab
commit 5a570606ec

@ -320,6 +320,14 @@ allow init {
sysfs_zram sysfs_zram
}:file rw_file_perms; }:file rw_file_perms;
# Allow init to write to vibrator/trigger
allow init sysfs_vibrator:file w_file_perms;
# Creating files on sysfs is impossible so this isn't a threat.
# We may write to a non-existent file to avoid conditional
# init behavior.
dontaudit init sysfs_vibrator:dir write;
# init chmod/chown access to /sys files. # init chmod/chown access to /sys files.
allow init { allow init {
sysfs_android_usb sysfs_android_usb
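
Review bot: The comment "Allow init to write to vibrator/trigger" is narrower than the rule under it: `allow init sysfs_vibrator:file w_file_perms;` grants write access to every file labeled sysfs_vibrator, not only the trigger node, so the comment should say so or the reason for granting it across the whole type should be stated. The `dontaudit init sysfs_vibrator:dir write;` line also suppresses the directory denial rather than granting anything, while the commit title says "create & write"; a reader of the policy would be helped if the comment said explicitly that the directory write stays denied and is only silenced. Since a dontaudit hides every later init write denial on sysfs_vibrator directories, it is worth pointing the comment at the init.rc write it exists for, so the suppression can be removed if that write goes away.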