authorLinux Build Service Account <lnxbuild@localhost>2021-11-24 06:00:17 -0800
committerLinux Build Service Account <lnxbuild@localhost>2021-11-24 06:00:17 -0800
commitdc1d778ee859df453f9354cdae1d4364cc6d68df (patch)
treee1111805c6e4f9691b8d59441f65d80ed469adc6
parent979619d3010b85b73e2f806b6dfd287e2502d0c5 (diff)
parent9021b7aa45dbcc735a2b0f1f07663462c9e64ad4 (diff)
Merge 9021b7aa45dbcc735a2b0f1f07663462c9e64ad4 on remote branch
Change-Id: Ic4f02565d4f1076b6c08272c8a816fac4f2895ad
-rw-r--r--generic/vendor/common/vold.te1
-rw-r--r--qva/vendor/common/hal_wifi_hostapd.te2
-rw-r--r--qva/vendor/common/qvrd_vndr.te2
-rwxr-xr-x[-rw-r--r--]qva/vendor/common/vppservice.te4
4 files changed, 7 insertions, 2 deletions
diff --git a/generic/vendor/common/vold.te b/generic/vendor/common/vold.te
index bd86659e..5ad1f282 100644
--- a/generic/vendor/common/vold.te
+++ b/generic/vendor/common/vold.te
@@ -29,3 +29,4 @@ get_prop(vold, vendor_tee_listener_prop)
# Based on the comment from b/111409607 FITRIM might
# be needed
allow vold mnt_vendor_file:dir { open read ioctl };
+allow vold vendor_sysfs_mmc_host:file w_file_perms;
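Review bot: The added `allow vold vendor_sysfs_mmc_host:file w_file_perms;` has no comment, and it sits directly under the FITRIM comment that belongs to the `mnt_vendor_file` rule, so it reads as if that comment justified it. The rule grants write to every file labelled `vendor_sysfs_mmc_host`, not to one attribute; if vold needs only a single node, a dedicated type for that node would keep the grant narrow (how many nodes carry this label is not visible here). I would separate it with a blank line and add a comment above it such as `# vold writes <sysfs attribute> on the mmc host for <reason>`.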
diff --git a/qva/vendor/common/hal_wifi_hostapd.te b/qva/vendor/common/hal_wifi_hostapd.te
index cdf0bc5c..54b16f73 100644
--- a/qva/vendor/common/hal_wifi_hostapd.te
+++ b/qva/vendor/common/hal_wifi_hostapd.te
@@ -29,7 +29,7 @@
r_dir_file(hal_wifi_hostapd_default, vendor_wifi_vendor_data_file)
allow hal_wifi_hostapd_default hostapd_data_file:dir rw_dir_perms;
allow hal_wifi_hostapd_default hostapd_data_file:file create_file_perms;
-allow hal_wifi_hostapd_default vendor_wifi_vendor_data_file:dir write;
+allow hal_wifi_hostapd_default vendor_wifi_vendor_data_file:dir rw_dir_perms;
# Allow hostapd to create control socket under its data folder
allow hal_wifi_hostapd_default hostapd_data_file:sock_file create_file_perms;
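Review bot: `rw_dir_perms` on `vendor_wifi_vendor_data_file:dir` adds `add_name` and `remove_name` to the old `write`, but no rule in this hunk lets hostapd create or unlink anything carrying that label; the `create_file_perms` rules shown all target `hostapd_data_file`. The read half is already covered by the `r_dir_file(...)` line at the top of the hunk, so the real change is the ability to add and remove entries in the wifi vendor data directory, which is presumably shared with other wifi daemons. If the denial being fixed was only `add_name`, `allow hal_wifi_hostapd_default vendor_wifi_vendor_data_file:dir { write add_name };` would be narrower. A comment naming the file hostapd creates there would make the grant reviewable.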
diff --git a/qva/vendor/common/qvrd_vndr.te b/qva/vendor/common/qvrd_vndr.te
index c378c471..0c022197 100644
--- a/qva/vendor/common/qvrd_vndr.te
+++ b/qva/vendor/common/qvrd_vndr.te
@@ -25,7 +25,7 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_qvrd_vndr, domain;
+type vendor_qvrd_vndr, domain, mlstrustedsubject;
type vendor_qvrd_vndr_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(vendor_qvrd_vndr)
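Review bot: Adding `mlstrustedsubject` to `vendor_qvrd_vndr` exempts the whole domain from the MLS constraints, and the change carries no comment saying which access required it. The attribute applies to every object the domain's allow rules reach, so it is far wider than a single denial. When one target is the problem, marking that object type `mlstrustedobject` or granting the access at matching levels is usually the narrower fix (the triggering denial is not visible in this hunk). At minimum I would add a comment above the declaration like `# mlstrustedsubject: required for <access to TYPE>, see <bug id>`.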
diff --git a/qva/vendor/common/vppservice.te b/qva/vendor/common/vppservice.te
index bf73e3c4..cecc3e98 100644..100755
--- a/qva/vendor/common/vppservice.te
+++ b/qva/vendor/common/vppservice.te
@@ -57,6 +57,10 @@ allow vendor_vppservice ion_device:chr_file rw_file_perms;
allow vendor_vppservice video_device:chr_file rw_file_perms;
allow vendor_vppservice vendor_qdsp_device:chr_file r_file_perms;
allow vendor_vppservice gpu_device:chr_file rw_file_perms;
+
+# suppress xdsp denial, since it is expected
+dontaudit vendor_vppservice vendor_xdsp_device:chr_file { open read ioctl };
+
# allow vppservice to access dsp read_prop
get_prop(vendor_vppservice, vendor_adsprpc_prop)
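Review bot: The comment `suppress xdsp denial, since it is expected` does not say what attempts the access or why it is expected, which is what a later reader needs to decide whether the `dontaudit` can stay. The rule also hides these denials from the audit log, so any unexpected `open`/`read`/`ioctl` attempt on `vendor_xdsp_device` by this domain will no longer be visible. I would reword it along the lines of `# <component> probes the xdsp node and falls back when denied; access is intentionally not granted`. Separately, the file header shows the mode changing from 100644 to 100755, which looks unintended for a policy source file.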