7ad58f9629
In some cases vendor_init_fingerprint, vendor_init_hw,
and vendor_qti_init_shell were not allowed to execute setprop/getprop
This caused ril and fingerprint, as well as partially sensors to fail.
Log:
avc: denied { execute_no_trans } for pid=613 comm="init.oem.hw.sh" path="/vendor/bin/setprop" dev="overlay" ino=32565 scontext=u:r:vendor_init_hw:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
avc: denied { execute_no_trans } for comm="init.qcom.early" path="/vendor/bin/getprop" dev="overlay" ino=34132 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
avc: denied { execute_no_trans } for comm="init.oem.finger" path="/vendor/bin/getprop" dev="overlay" ino=34132 scontext=u:r:vendor_init_fingerprint:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
avc: denied { execute_no_trans } for comm="init.qcom.post_" path="/vendor/bin/getprop" dev="overlay" ino=34132 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0
15 lines
No EOL
744 B
Text
15 lines
No EOL
744 B
Text
type vendor_init_fingerprint, domain;
|
|
type vendor_init_fingerprint_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(vendor_init_fingerprint)
|
|
|
|
allow vendor_init_fingerprint self:capability { kill sys_module };
|
|
allow vendor_init_fingerprint vendor_file:system module_load;
|
|
allow vendor_init_fingerprint vendor_toolbox_exec:file rx_file_perms;
|
|
allow vendor_init_fingerprint vendor_persist_fps_file:file create_file_perms;
|
|
allow vendor_init_fingerprint vendor_persist_fps_file:dir rw_dir_perms;
|
|
allow vendor_init_fingerprint mnt_vendor_file:dir search;
|
|
|
|
set_prop(vendor_init_fingerprint, ctl_start_prop)
|
|
set_prop(vendor_init_fingerprint, vendor_mot_fingerprint_prop)
|
|
|
|
allow vendor_init_fingerprint vendor_file:file execute_no_trans; |