samsung_sm8750/android_device_samsung_sm8750-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sm8550-common: sepolicy: Allow hermesd to use wake_alarm capability

Browse Source 
Fix an issue where the hermesd process is denied access to wake_alarm
by SELinux, causing authentication failures even with correct credentials.

When enters the wrong password 5 times, the device refuses to unlock even
after the correct password is provided.

avc: denied { wake_alarm } for capability=35 scontext=u:r:hermesd:s0
tcontext=u:r:hermesd:s0 tclass=capability2 permissive=0

Change-Id: I0461346ceb10ae482a30bf72429b2eca10ac091b
This commit is contained in:
chaptsand
2025-03-30 19:49:36 +08:00
parent 5d9c711014
commit 9cfb921e7d
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sepolicy/vendor/hermesd.te vendored
View File

@@ -23,6 +23,8 @@ allow hermesd vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
allow hermesd vendor_gatekeeper_data_file:dir create_dir_perms; allow hermesd vendor_gatekeeper_data_file:dir create_dir_perms;
allow hermesd vendor_gatekeeper_data_file:file create_file_perms; allow hermesd vendor_gatekeeper_data_file:file create_file_perms;
allow hermesd self:capability2 wake_alarm;
allow hermesd vendor_hal_keymint_qti:binder transfer; allow hermesd vendor_hal_keymint_qti:binder transfer;
set_prop(hermesd, vendor_securenvm_prop) set_prop(hermesd, vendor_securenvm_prop)