sm6375-common: sepolicy: Allow fp hal to access graphics device
* I HwBinder:1502_1: type=1400 audit(0.0:862): avc: denied { read write } for name="card0" dev="tmpfs" ino=26702 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1
* I HwBinder:1502_1: type=1400 audit(0.0:863): avc: denied { open } for path="/dev/dri/card0" dev="tmpfs" ino=26702 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1
* I HwBinder:1502_1: type=1400 audit(0.0:864): avc: denied { ioctl } for path="/dev/dri/card0" dev="tmpfs" ino=26702 ioctlcmd=0x649f scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1
Change-Id: Iccfda81d6ab92f43c988ab2ff85577dffbcd5699
This commit is contained in:
Anand S
parent
63efc084ce
commit
a515c2c835
2 changed files with 4 additions and 0 deletions
3
sepolicy/vendor/file_contexts
vendored
3
sepolicy/vendor/file_contexts
vendored
|
|
@ -43,6 +43,9 @@
|
|||
/(mnt/vendor/persist|persist)/chargeonly(/.*)? u:object_r:persist_chargeonly_file:s0
|
||||
/(vendor|system/vendor)/bin/charge_only_mode u:object_r:charge_only_exec:s0
|
||||
|
||||
# DRI
|
||||
/dev/dri/card[0-4] u:object_r:graphics_device:s0
|
||||
|
||||
# Fingerprint
|
||||
/(mnt/vendor/persist|persist)/egis(/.*)? u:object_r:vendor_persist_egis_file:s0
|
||||
/(mnt/vendor/persist|persist)/fps(/.*)? u:object_r:vendor_persist_fps_file:s0
|
||||
|
|
|
|||
1
sepolicy/vendor/hal_fingerprint_default.te
vendored
1
sepolicy/vendor/hal_fingerprint_default.te
vendored
|
|
@ -3,6 +3,7 @@ allow hal_fingerprint_default {
|
|||
egis_device
|
||||
goodix_device
|
||||
tee_device
|
||||
graphics_device
|
||||
}: chr_file rw_file_perms;
|
||||
|
||||
allow hal_fingerprint_default self:binder { call transfer };
|
||||
|
|
|
|||
Loading…
Reference in a new issue