commit 0af6fb7a7687c4d12a41680c7430d39df25b4123
author Siarhei Vishniakou <svv@google.com> Tue Oct 08 05:35:47 2024 +0000
committer Siarhei Vishniakou <svv@google.com> Wed Nov 20 06:02:26 2024 +0000
tree acccbebfd7d9092f9139435a19ff5d44e233484f
parent 09e326f0ccefc14986c0a23726ed9ca8dbefef30

Allow system_server to read /vendor/usr/idc directory

Before this CL, system_server was not allowed to read the contents of the directory, which led to unpredictable results. Occasionally, there were sepolicy denials for InputReader thread.

To fix it, allow system_server to access the entire directory.

Bug: 366252028
Test: presubmit only
Flag: EXEMPT bugfix

Change-Id: I3f3ef251af0b1067a1fc83b26553ea3da0e48e83

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index e26fb4e..ecade7a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -466,8 +466,11 @@
 /(odm|vendor/odm|vendor|system/vendor)/apex(/[^/]+){0,2}              u:object_r:vendor_apex_file:s0
 
 # Input configuration
+/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?            u:object_r:vendor_keylayout_file:s0
 /(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl        u:object_r:vendor_keylayout_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?             u:object_r:vendor_keychars_file:s0
 /(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm        u:object_r:vendor_keychars_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?                  u:object_r:vendor_idc_file:s0
 /(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?\.idc             u:object_r:vendor_idc_file:s0
 
 /oem(/.*)?              u:object_r:oemfs:s0