From 19713be80389254d8ddd8aade1966c1fea4c6b65 Mon Sep 17 00:00:00 2001 From: "Lunark :3" Date: Tue, 25 Nov 2025 22:19:51 -0500 Subject: [PATCH] vermeer: sepolicy: Resolve binder neverallow violations in citsensors - Android 16 QPR1 introduces stricter neverallow rules that prohibit binder interactions (call/impersonate/transfer/set_context_mgr) between vendor_hal_citsensorservice_xiaomi_default and vendor_hal_display_config_hwservice. Change-Id: Id7acd7b2976c214a4963f59857d9e60836e19137 Signed-off-by: Lunark :3 --- sepolicy/vendor/hal_citsensorservice_xiaomi.te | 1 - sepolicy/vendor/hal_display_config.te | 1 - 2 files changed, 2 deletions(-) delete mode 100644 sepolicy/vendor/hal_display_config.te diff --git a/sepolicy/vendor/hal_citsensorservice_xiaomi.te b/sepolicy/vendor/hal_citsensorservice_xiaomi.te index bda5346..94e262f 100644 --- a/sepolicy/vendor/hal_citsensorservice_xiaomi.te +++ b/sepolicy/vendor/hal_citsensorservice_xiaomi.te @@ -26,7 +26,6 @@ allow vendor_hal_citsensorservice_xiaomi_default vendor_sysfs_displayfeature:fil allow vendor_hal_citsensorservice_xiaomi_default vendor_displayfeature_device:chr_file { ioctl open read write }; allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_mapper_hwservice:hwservice_manager find; allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:hwservice_manager find; -allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:binder { call transfer }; allow vendor_hal_citsensorservice_xiaomi_default vendor_hal_display_config_hwservice:fd *; allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer:binder { call transfer }; allow vendor_hal_citsensorservice_xiaomi_default hal_graphics_composer:fd *; diff --git a/sepolicy/vendor/hal_display_config.te b/sepolicy/vendor/hal_display_config.te deleted file mode 100644 index f4240aa..0000000 --- a/sepolicy/vendor/hal_display_config.te +++ /dev/null @@ -1 +0,0 @@ -allow vendor_hal_display_config_hwservice vendor_hal_citsensorservice_xiaomi_default:binder transfer;