msm8226-common: sepolicy: Label sysfs_input, resolve denials

* avc: denied { read write } for name="poll_delay" dev="sysfs" ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=1 * avc: denied { open } for name="poll_delay" dev="sysfs" ino=27687 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=1 * avc: denied { search } for name="input" dev="sysfs" ino=13030 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0 * avc: denied { read } for name="input6" dev="sysfs" ino=26725 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_input:s0 tclass=dir permissive=0 * avc: denied { read } for name="device" dev="sysfs" ino=26717 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_input:s0 tclass=lnk_file permissive=0 * avc: denied { read write } for name="poll_delay" dev="sysfs" ino=26946 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_input:s0 tclass=file permissive=0 Change-Id: Id46a02a44e773b99ff61f9a8ff18394c74c80f90
2024-11-06 21:55:45 +00:00 · 2018-11-16 07:27:03 -07:00 · 2018-11-16 07:27:03 -07:00 · e38fc5cd87
commit e38fc5cd87
parent 88813355e5
4 changed files with 19 additions and 3 deletions
--- a/sepolicy/common/file.te
+++ b/sepolicy/common/file.te
@ -3,6 +3,7 @@ type proc_bt_sleep, fs_type;
 type sysfs_camera, fs_type, sysfs_type;
 type sysfs_hal_pwr, fs_type, sysfs_type;
 type sysfs_iio, fs_type, sysfs_type;
+type sysfs_input, fs_type, sysfs_type;
 type sysfs_mdnie, fs_type, sysfs_type;
 type sysfs_sec, fs_type, sysfs_type;
 type sysfs_wifi_writeable, fs_type, sysfs_type;
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@ -32,6 +32,7 @@
 /sys/devices/battery.[0-9]+/power_supply/battery(/.*)?           u:object_r:sysfs_batteryinfo:s0
 /sys/devices/platform/bcm[0-9]+_bluetooth/rfkill/rfkill0/state   u:object_r:sysfs_bluetooth_writable:s0
 /sys/devices/virtual/camera(/.*)?                                u:object_r:sysfs_camera:s0
+/sys/devices/virtual/input(/.*)?                                 u:object_r:sysfs_input:s0
 /sys/devices/virtual/sec/sec_key/hall_irq_ctrl                   u:object_r:sysfs_sec:s0
 /sys/devices/.*bcl.*(/.*)?                                       u:object_r:sysfs_thermal:s0
 /sys/module/dhd/parameters/firmware_path                         u:object_r:sysfs_wifi_writeable:s0
--- a/sepolicy/common/hal_sensors_default.te
+++ b/sepolicy/common/hal_sensors_default.te
@ -1,6 +1,17 @@
 allow hal_sensors_default sysfs_graphics:dir search;
 allow hal_sensors_default sysfs_graphics:file r_file_perms;

-allow hal_sensors_default sysfs_iio:dir r_dir_perms;
-allow hal_sensors_default sysfs_iio:file rw_file_perms;
-allow hal_sensors_default sysfs_iio:lnk_file read;
+allow hal_sensors_default {
+    sysfs_iio
+    sysfs_input
+}:dir r_dir_perms;
+
+allow hal_sensors_default {
+    sysfs_iio
+    sysfs_input
+}:file rw_file_perms;
+
+allow hal_sensors_default {
+    sysfs_iio
+    sysfs_input
+}:lnk_file read;
--- a/sepolicy/common/init.te
+++ b/sepolicy/common/init.te
@ -1,8 +1,11 @@
 allow init sysfs_iio:lnk_file read;

+allow init sysfs_input:file rw_file_perms;
+
 allow init sysfs_graphics:file r_file_perms;

 allow init {
    sysfs_graphics
    sysfs_iio
+    sysfs_input
 }:file setattr;