      # Applies the get_prop() macro (defined outside this file) to the `domain`
      # attribute, so the read access it grants on properties labelled
      # camera_prop goes to every process type carrying that attribute.
      # NOTE(review): no rationale is given here for granting this to all domains
      # rather than to the camera clients only; confirm that nothing published
      # under camera_prop is sensitive.
      1 get_prop(domain, camera_prop)
      2 
      # dontaudit grants nothing: the sys_module capability check and the
      # module_request check against the kernel type are still denied, only the
      # audit record for the denial is dropped.
      # NOTE(review): both rules are written against `domain`, so a denied
      # module-load attempt from any process type leaves no AVC entry. Tooling
      # that relies on these denials as a signal will not see them. The file
      # gives no bug reference for these two rules; confirm why they are needed.
      3 dontaudit domain self:capability sys_module;
      4 dontaudit domain kernel:system module_request;
      5 
      6 # b/29072816
      7 # Triggered by kernel code which calls request_firmware(), which
      8 # eventually calls filp_open(), which attempts to look in /firmware
      9 # for the firmware file itself using the context of the calling
     10 # domain.
     11 # This does not occur on other Android builds because the marlin
     12 # kernel has various references to /firmware paths in the following
     13 # code:
     14 #
     15 # /* direct firmware loading support */
     16 # static char fw_path_para[256];
     17 # static const char * const fw_path[] = {
     18 #         fw_path_para,
     19 #         "/lib/firmware/updates/" UTS_RELEASE,
     20 #         "/lib/firmware/updates",
     21 #         "/lib/firmware/" UTS_RELEASE,
     22 #         "/lib/firmware",
     23 #         "/firmware/image",
     24 #         "/firmware/radio",
     25 #         "/firmware/adsp"        //HTC_AUD
     26 # };
     27 #
     28 # As described at http://www.makelinux.net/ldd3/chp-14-sect-8 ,
     29 # the userspace helper (in our case, ueventd) should always be loading
     30 # these files, not the requesting process itself. It is only due to a
     31 # hack added by Linus Torvalds that the kernel even attempts to load
     32 # firmware files directly from the filesystem
     33 # (https://github.com/torvalds/linux/commit/abb139e75c2cdbb955e840d6331cb5863e409d0e).
     34 #
     35 # Suppress these denials for most domains, since ueventd should be doing the
     36 # opening of the firmware.
     # The search is still denied; dontaudit only removes the log entry. A type
     # that legitimately needs the lookup still requires its own allow rule.
     # NOTE(review): the rule is written against `domain`, so a directory lookup
     # under firmware_file from any process type goes unlogged, not only the
     # request_firmware() case described in b/29072816.
     37 dontaudit domain firmware_file:dir search;
     38 
     # Grants every type carrying the `domain` attribute the dir `search`
     # permission on directories labelled debugfs_ion and debugfs_kgsl.
     # `search` covers path traversal only; listing the directory or opening
     # files inside it needs further rules that are not in this file.
     # NOTE(review): no rationale or bug reference is given for making these
     # debugfs directories traversable by all domains; confirm whether the grant
     # can be narrowed to the types that actually use them.
     39 allow domain debugfs_ion:dir search;
     40 allow domain debugfs_kgsl:dir search;
     41