From a391cb083928cb5068573293ec16eedf4cb42e8f Mon Sep 17 00:00:00 2001 From: Cyber Knight Date: Thu, 6 Feb 2025 03:51:30 +0800 Subject: [PATCH] sm8350-common: sepolicy: Address a cameraserver neverallow - For some reason, allowing cameraserver to access sysfs_leds on lahaina results in a neverallow. - Hence, allow cameraserver to access a new type, sysfs_torch which only accesses the relevant nodes we utilize to alleviate the neverallow. Change-Id: I8625b32f2bb501bbf85f0c026dca22a8e0bcc939 Signed-off-by: Cyber Knight --- sepolicy/vendor/cameraserver.te | 2 +- sepolicy/vendor/genfs_contexts | 6 +++--- sepolicy/vendor/torch.te | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 sepolicy/vendor/torch.te diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te index 4f05e2e..438be33 100644 --- a/sepolicy/vendor/cameraserver.te +++ b/sepolicy/vendor/cameraserver.te @@ -1 +1 @@ -allow cameraserver sysfs_leds:file rw_file_perms; +allow cameraserver sysfs_torch:file rw_file_perms; diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 755a7b9..597288a 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -8,9 +8,9 @@ genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,ucsi/typec u:object_r:vendor_sysfs_usb_c:s0 # Torch control -genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:torch_1/brightness u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:torch_1/max_brightness u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:switch_1/brightness u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:torch_1/brightness u:object_r:sysfs_torch:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:torch_1/max_brightness u:object_r:sysfs_torch:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,flash_led@ee00/leds/led:switch_1/brightness u:object_r:sysfs_torch:s0 # Wakeup nodes genfscon sysfs /devices/platform/goodix_ts.0/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/sepolicy/vendor/torch.te b/sepolicy/vendor/torch.te new file mode 100644 index 0000000..b8b6b42 --- /dev/null +++ b/sepolicy/vendor/torch.te @@ -0,0 +1 @@ +type sysfs_torch, fs_type, sysfs_type;