From 24568c64d138e1db7343fc6b39b1db61d432081d Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Thu, 5 Sep 2024 15:46:21 +0800 Subject: [PATCH] storage: fix vold avc denied [ 33.709752][ T363] type=1400 audit(1725519791.892:729): avc: denied { read } for comm="binder:369_6" name="/" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1 [ 33.710804][ T363] type=1400 audit(1725519791.892:730): avc: denied { open } for comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1 [ 33.711734][ T363] type=1400 audit(1725519791.892:731): avc: denied { ioctl } for comm="binder:369_6" path="/mnt/vendor/efs" dev="sda5" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1 [ 33.712732][ T363] type=1400 audit(1725519791.892:732): avc: denied { read } for comm="binder:369_6" name="/" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1 [ 33.713612][ T363] type=1400 audit(1725519791.892:733): avc: denied { open } for comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1 [ 33.714833][ T363] type=1400 audit(1725519791.892:734): avc: denied { ioctl } for comm="binder:369_6" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 ioctlcmd=0x5879 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1 Bug: 361093041 Test: local build Change-Id: I629f0303940f3f07ce3717cd0a2c8f975378f24b Signed-off-by: Randall Huang --- storage/sepolicy/vold.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te index 529f495..b776c80 100644 --- a/storage/sepolicy/vold.te +++ b/storage/sepolicy/vold.te @@ -12,4 +12,6 @@ dontaudit vold dumpstate:fd use ; # fix idle-maint allow vold efs_block_device:blk_file { getattr }; allow vold modem_userdata_block_device:blk_file { getattr }; +allow vold modem_efs_file:dir { read open ioctl }; +allow vold modem_userdata_file:dir { read open ioctl };