From cc3c3cbf7041ee894a85b950eabb9bc245bead0a Mon Sep 17 00:00:00 2001 From: AnierinB Date: Sat, 19 Nov 2022 11:00:30 +0000 Subject: [PATCH] sepolicy: qti: Allow kernel to read vendor_file There are two ways for the kernel to load iris5.fw. The first way is via fw_get_filesystem_firmware(), which reads iris5.fw directly from the filesystem using filp_read(). The second way gets FW via ueventd, which calls request_firmware(). Because the kernel unconditionally calls fw_get_filesystem_firmware() for iris5, the first way always gets executed. However, the current sepolicy denies read access to iris5.fw for the kernel, causing this way to never work. The second way is used only on ioctl(), which would likely be sent from HWC. Unlike the first way, the second way *does* work as-is, and since HWC is always started when booting into Android, we don't have to worry about the first way being broken. However, HWC doesn't run in offline charging mode, so we have to rely on the first way for that case. Unfortunately, since the first way is broken, offline charging fails to work properly as a result. As such, we need to fix that denial to make the first way work again. Change-Id: Iba43afc5dba1c64d8ced9f374bbf9f0457db3c92 --- sepolicy/qti/vendor/kernel.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 sepolicy/qti/vendor/kernel.te diff --git a/sepolicy/qti/vendor/kernel.te b/sepolicy/qti/vendor/kernel.te new file mode 100644 index 0000000..64d7f39 --- /dev/null +++ b/sepolicy/qti/vendor/kernel.te @@ -0,0 +1 @@ +allow kernel vendor_file:file r_file_perms;
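
Review bot: The single added line in sepolicy/qti/vendor/kernel.te, `allow kernel vendor_file:file r_file_perms;`, grants the kernel domain read access to every file carrying the generic vendor_file label, while the commit message only needs one firmware image (iris5.fw) to be readable. vendor_file is the catch-all type for unlabelled vendor partition content, so this rule is far wider than the denial it fixes. Consider giving iris5.fw a narrower label in file_contexts (a dedicated firmware type, for example AOSP's vendor_firmware_file if this tree uses it) and allowing kernel to read only that type. If the broad rule stays, the new file should carry a comment naming iris5.fw and the offline charging case, since the rule alone gives no hint of why the kernel needs it, and the original avc denial should be quoted in the commit message so the required class and permissions can be checked against r_file_perms.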