commit 04641948c02f96bd2bf00a98d7eaaed4fe138c9d
author Treehugger Robot <treehugger-gerrit@google.com> Tue Jan 31 00:52:05 2017 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 31 00:52:06 2017 +0000
tree 669321e0ee8dbda636f511091f01a862c39910b5
parent 81a73508beb965ab0a6e5d7806e30b1f33164c0f
parent f0f4db9f0173df1389706f7e7f4c5e245659dd6a

Merge "recovery: Allow accessing sysfs_leds."

public/cameraserver.te

diff --git a/public/cameraserver.te b/public/cameraserver.te
index 13c2890..a262940 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -31,6 +31,9 @@
 allow cameraserver scheduling_policy_service:service_manager find;
 allow cameraserver surfaceflinger_service:service_manager find;
 
+# For HIDL hwservicemanager
+allow cameraserver system_file:dir r_dir_perms;
+
 ###
 ### neverallow rules
 ###

public/system_server.te

diff --git a/public/system_server.te b/public/system_server.te
index 61f640d..aef97b5 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -4,9 +4,6 @@
 #
 type system_server, domain, domain_deprecated, mlstrustedsubject;
 
-# Attributes for passthrough hals
-typeattribute system_server hal_light;
-
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file { r_file_perms execute };
@@ -610,6 +607,13 @@
 # Allow system_server to make binder calls to hwservicemanager
 binder_call(system_server, hwservicemanager)
 
+### Rules needed when Light HAL runs inside system_server process.
+### These rules should eventually be granted only when needed.
+allow system_server sysfs_leds:lnk_file read;
+allow system_server sysfs_leds:file rw_file_perms;
+allow system_server sysfs_leds:dir r_dir_perms;
+###
+
 userdebug_or_eng(`
   # Allow WifiService to start, stop, and read wifi-specific trace events.
   allow system_server debugfs_tracing_instances:dir search;