DiagnosticsTool permissions for accessing touch calibration interface
Grant the DiagnosticsTool (priv_app domain) access to the GTI touch
driver's interactive_calibration interface. This patch does not create a
domain for the DaignosticsTool (see b/301300623).
Fixes these denials:
avc: denied { write } for comm="diagnosticstool" name="interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool
avc: denied { open } for comm="diagnosticstool" path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool
avc: denied { getattr } for comm="diagnosticstool" path="/sys/devices/virtual/goog_touch_interface/gti.0/interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool
avc: denied { read } for comm="diagnosticstool" name="interactive_calibrate" dev="sysfs" ino=105273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=1 app=com.google.android.apps.diagnosticstool
Without mlstrustedobject, this denial occurs:
avc: denied { write } for comm="diagnosticstool" name="interactive_calibrate" dev="sysfs" ino=106943 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_touch_gti:s0 tclass=file permissive=0 app=com.google.android.apps.diagnosticstool
Bug: 230050981
Change-Id: I6acbb83c5b4100cb1ae332412b2e4d7f163d300a
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
4 files changed