Writing sepolicy | spi | untrusted_app | sc20

Hi All,
I am trying to write sepolicy for denials. These are the denials for spidev:

01-01 07:05:02.329 19402 19402 I Thread-6: type=1400 audit(0.0:2125): avc: denied { read write } for name="spidev0.0" dev="tmpfs" ino=9555 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1 

01-01 07:05:02.329 19402 19402 I Thread-6: type=1400 audit(0.0:2126): avc: denied { open } for path="/dev/spidev0.0" dev="tmpfs" ino=9555 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1 

01-01 07:05:02.329 19402 19402 I Thread-6: type=1400 audit(0.0:2127): avc: denied { ioctl } for path="/dev/spidev0.0" dev="tmpfs" ino=9555 ioctlcmd=6b01 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

These are the patches that I made for those:

--- a/common/device.te
+++ b/common/device.te
@@ -75,7 +75,8 @@ type logdump_partition, dev_type;
 #Bootselect partition
 type bootselect_device, dev_type;
 
-#define usb_uicc_device for usb_uicc daemon
+#define usb_uicc_device for usb_uicc daemonecho 1009 >/sys/class/gpio/export
+
 type usb_uicc_device, dev_type;
 
 # Define IPA devices
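Review bot: The changed comment line `+#define usb_uicc_device for usb_uicc daemonecho 1009 >/sys/class/gpio/export` has a shell command pasted onto the end of it, and an unrelated blank line is added below it. It sits inside a comment, so the policy still compiles, but this hunk should be dropped so that device.te carries only the spi_device addition.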
@@ -147,3 +148,6 @@ type at_device, dev_type;
 
 #define Bluetooth device
 type bt_device, dev_type;
+
+#define spidev for fingerprint sensors
+type spi_device, dev_type;
diff --git a/common/file_contexts b/common/file_contexts
index 8e27239..8ff434a 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -31,6 +31,7 @@
 /dev/smem_log                                   u:object_r:smem_log_device:s0
 /dev/ttyHSL0                                    u:object_r:console_device:s0
 /dev/ttyHSL1                                    u:object_r:selfdefined_device:s0
+/dev/spidev0.0                                  u:object_r:spi_device:s0
 /dev/ttyMSM0                                    u:object_r:console_device:s0
 /dev/ttyHS[0-9]*                                u:object_r:serial_device:s0
 /dev/ttyGS0                                     u:object_r:gadget_serial_device:s0
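Review bot: The new `/dev/spidev0.0` entry is matched as a regular expression, so the unescaped `.` matches any character; write it as `/dev/spidev0\.0`. The denials quoted above were logged against tcontext=u:object_r:device:s0, so after this change confirm with `ls -Z /dev/spidev0.0` that the node really carries spi_device. Until it does, rules written against spi_device have no effect on those denials.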
diff --git a/common/platform_app.te b/common/platform_app.te
index 0edfee5..1ebdaaf 100644
--- a/common/platform_app.te
+++ b/common/platform_app.te
@@ -35,3 +35,5 @@ allow platform_app dpmservice:service_manager find;
 
 #allow ttyHSL1 to interact
 allow platform_app selfdefined_device:chr_file { write };
+
+allow {system_server untrusted_app shell system_app platform_app} spi_device:chr_file {read write open ioctl } ;
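Review bot: The added allow rule grants read, write, open and ioctl on spi_device to five domains at once, including untrusted_app and shell, and it is placed in platform_app.te although platform_app is only one of them. That opens the raw SPI node to every third-party app and to the adb shell, which is far wider than the quoted denials call for, since they all come from a single untrusted_app process. Grant the access to one dedicated domain, in that domain's own .te file, and let the app reach the device through it.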

But it is not working.
Please provide support for writing sepolicy…
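
One way to read denials like the ones quoted in the post when a policy change "is not working", as an added example that is not part of the original post or of the vendor's policy: it groups the AVC lines and checks whether the target type the kernel reports is the newly declared one. The helper name `check_denials` and its status strings are hypothetical, and the sample input is constructed from the three denials above.

```python
import re
from collections import defaultdict

# Constructed sample: the avc part of the three denials quoted in the post.
_CTX = "scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1"
SAMPLE = "\n".join([
    'avc: denied { read write } for name="spidev0.0" dev="tmpfs" ino=9555 ' + _CTX,
    'avc: denied { open } for path="/dev/spidev0.0" dev="tmpfs" ino=9555 ' + _CTX,
    'avc: denied { ioctl } for path="/dev/spidev0.0" dev="tmpfs" ino=9555 ioctlcmd=6b01 ' + _CTX,
])

AVC = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def check_denials(log_text, expected_type):
    """Group denials by (source, target, class) and say why each still fires.

    expected_type is the type the node should carry after the file_contexts
    change (spi_device in the post). Hypothetical helper, not an Android tool.
    """
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC.search(line)
        if m:
            groups[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    findings = []
    for (src, tgt, cls), perms in sorted(groups.items()):
        # If the kernel still reports another target type, the new label never
        # reached the node, so no rule written against expected_type can match.
        status = "rule_missing" if tgt == expected_type else "label_not_applied"
        findings.append({"source": src, "target": tgt, "class": cls,
                         "perms": sorted(perms), "status": status})
    return findings

if __name__ == "__main__":
    for f in check_denials(SAMPLE, "spi_device"):
        print(f)
```

A `label_not_applied` result points at file_contexts and relabeling of the node, while `rule_missing` points at the allow rules for the source domain.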

There are many files that need to be modified. This work needs to be solved by E-service.
You can ask our local FAE to create a ticket.