Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

insmod-sh: Allow writing to kmsg

Browse source 
modprobe would log errors to /dev/kmsg, need to explicit allow this.

```
avc:  denied  { write } for  comm="modprobe" name="kmsg" dev="tmpfs" ino=5 scontext=u:r:insmod-sh:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
```

Bug: 388717752
Test: DeviceBootTest#SELinuxUncheckedDenialBootTest
Change-Id: I49a3e6a9f76f20151034cb00f772247b0e9c668e
This commit is contained in:
Yi-Yo Chiang 2025-01-09 18:26:49 +08:00
parent b61a4f4345
commit 51357e0322
2 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
insmod/init.module.rc
View file

@ -8,3 +8,4 @@ service insmod_sh /vendor/bin/insmod.sh /vendor/etc/init.common.cfg
group root system
disabled
oneshot
file /dev/kmsg w

3
insmod/sepolicy/insmod-sh.te
View file

@ -12,3 +12,6 @@ allow insmod-sh vendor_toolbox_exec:file execute_no_trans;
set_prop(insmod-sh, vendor_device_prop)
dontaudit insmod-sh proc_cmdline:file r_file_perms;
# Allow modprobe to log to kmsg.
allow insmod-sh kmsg_device:chr_file w_file_perms;