universal7580: sepolicy: Fix SELinux denials related to the A5 as well as a couple...

author Danny Wood <danwood76@gmail.com>

Tue, 25 Jun 2019 10:40:23 +0000 (11:40 +0100)

committer Jan Altensen <info@stricted.net>

Fri, 16 Aug 2019 21:18:56 +0000 (23:18 +0200)
author Danny Wood <danwood76@gmail.com>
Tue, 25 Jun 2019 10:40:23 +0000 (11:40 +0100)
committer Jan Altensen <info@stricted.net>
Fri, 16 Aug 2019 21:18:56 +0000 (23:18 +0200)
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts

index 93895d97f6b76774113efc1de230652b1c7f3775..bdbe0a1a008c3f8ca81ae2fd8689e45d7e207afb 100644 (file)
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -29,6 +29,17 @@ genfscon sysfs /devices/13850000.i2c/i2c-10/10-0050/input/input3/enabled    u:ob
  genfscon sysfs /devices/virtual/sec/sec_touchkey/                           u:object_r:sysfs_input:s0
  genfscon sysfs /devices/virtual/sec/sec_key/                                u:object_r:sysfs_input:s0
  genfscon sysfs /devices/virtual/sec/tsp/                                    u:object_r:sysfs_input:s0
+genfscon sysfs /devices/virtual/secgpio_check/                              u:object_r:sysfs_input:s0
+
+# A5 power supply devices
+genfscon sysfs /devices/battery.43/power_supply                                     u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/i2c.42/i2c-7/7-0071/power_supply                            u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/13890000.hsi2c/i2c-2/2-0049/sm5705-charger/power_supply     u:object_r:sysfs_usb_supply:s0
+
+# A5 Input devices
+genfscon sysfs /devices/13850000.i2c/i2c-10/10-0020/input/input3            u:object_r:sysfs_input:s0
+genfscon sysfs /devices/i2c.20/i2c-4/4-0020/input/input2                    u:object_r:sysfs_input:s0
+genfscon sysfs /devices/virtual/fingerprint/fingerprint                     u:object_r:sysfs_input:s0
  
  # SEC GPIO input devices
  genfscon sysfs /class/secgpio_check/secgpio_check_all/gpioinit_check        u:object_r:sysfs_input:s0
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te

new file mode 100644 (file)

index 0000000..03a4040
--- /dev/null
+++ b/sepolicy/hal_fingerprint_default.te
@@ -0,0 +1,4 @@
+# hal_fingerprint_default
+allow hal_fingerprint_default sysfs_input:dir search;
+allow hal_fingerprint_default sysfs_input:file rw_file_perms;
+
diff --git a/sepolicy/hal_power_default.te b/sepolicy/hal_power_default.te

index 7d68aed8b5004c8562c08235eb3ff2c50289ed0d..c56c43270a9a1102d25a8efc1b047ba5b32eb9f5 100644 (file)
--- a/sepolicy/hal_power_default.te
+++ b/sepolicy/hal_power_default.te
@@ -3,6 +3,7 @@ allow hal_power_default sysfs:dir { open read search };
  allow hal_power_default sysfs:file { rw_file_perms };
  
  # Input devices
+allow hal_power_default sysfs_input:dir search;
  allow hal_power_default sysfs_input:file { rw_file_perms };
  
  # CPU devices
author	Danny Wood <danwood76@gmail.com>
	Tue, 25 Jun 2019 10:40:23 +0000 (11:40 +0100)
committer	Jan Altensen <info@stricted.net>
	Fri, 16 Aug 2019 21:18:56 +0000 (23:18 +0200)
sepolicy/genfs_contexts		patch \| blob \| blame \| history
sepolicy/hal_fingerprint_default.te	[new file with mode: 0644]	patch \| blob
sepolicy/hal_power_default.te		patch \| blob \| blame \| history