Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 0af6fb7a7687c4d12a41680c7430d39df25b4123^! / .
commit0af6fb7a7687c4d12a41680c7430d39df25b4123[log] [tgz]
authorSiarhei Vishniakou <svv@google.com>Tue Oct 08 05:35:47 2024 +0000
committerSiarhei Vishniakou <svv@google.com>Wed Nov 20 06:02:26 2024 +0000
treeacccbebfd7d9092f9139435a19ff5d44e233484f
parent09e326f0ccefc14986c0a23726ed9ca8dbefef30 [diff]
Allow system_server to read /vendor/usr/idc directory

Before this CL, system_server was not allowed to read the contents of the directory, which led to unpredictable results. Occasionally, there were sepolicy denials for InputReader thread.

To fix it, allow system_server to access the entire directory.

Bug: 366252028
Test: presubmit only
Flag: EXEMPT bugfix

Change-Id: I3f3ef251af0b1067a1fc83b26553ea3da0e48e83

diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index e535f6a..998651d 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test

@@ -638,6 +638,7 @@
 /odm/usr/keylayout/test.kl                                        vendor_keylayout_file
 /vendor/odm/usr/keylayout.kl                                      vendor_keylayout_file
 /vendor/odm/usr/keylayout/test.kl                                 vendor_keylayout_file
+/vendor/usr/keylayout                                             vendor_keylayout_file
 /vendor/usr/keylayout.kl                                          vendor_keylayout_file
 /vendor/usr/keylayout/test.kl                                     vendor_keylayout_file
 /system/vendor/usr/keylayout.kl                                   vendor_keylayout_file
@@ -646,6 +647,7 @@
 /odm/usr/keychars/test.kcm                                        vendor_keychars_file
 /vendor/odm/usr/keychars.kcm                                      vendor_keychars_file
 /vendor/odm/usr/keychars/test.kcm                                 vendor_keychars_file
+/vendor/usr/keychars                                              vendor_keychars_file
 /vendor/usr/keychars.kcm                                          vendor_keychars_file
 /vendor/usr/keychars/test.kcm                                     vendor_keychars_file
 /system/vendor/usr/keychars.kcm                                   vendor_keychars_file
@@ -654,6 +656,7 @@
 /odm/usr/idc/test.idc                                             vendor_idc_file
 /vendor/odm/usr/idc.idc                                           vendor_idc_file
 /vendor/odm/usr/idc/test.idc                                      vendor_idc_file
+/vendor/usr/idc                                                   vendor_idc_file
 /vendor/usr/idc.idc                                               vendor_idc_file
 /vendor/usr/idc/test.idc                                          vendor_idc_file
 /system/vendor/usr/idc.idc                                        vendor_idc_file

diff --git a/private/file_contexts b/private/file_contexts
index e26fb4e..ecade7a 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -466,8 +466,11 @@
 /(odm|vendor/odm|vendor|system/vendor)/apex(/[^/]+){0,2}              u:object_r:vendor_apex_file:s0
 
 # Input configuration
+/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?            u:object_r:vendor_keylayout_file:s0
 /(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl        u:object_r:vendor_keylayout_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?             u:object_r:vendor_keychars_file:s0
 /(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm        u:object_r:vendor_keychars_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?                  u:object_r:vendor_idc_file:s0
 /(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?\.idc             u:object_r:vendor_idc_file:s0
 
 /oem(/.*)?              u:object_r:oemfs:s0