Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

storage: fix idle-maint avc denials.

Browse source 
avc: denied { getattr } for path="/dev/block/sda5" dev="tmpfs" ino=1039 scontext=u:r:vold:s0 tcontext=u:object_r:efs_block_device:s0 tclass=blk_file permissive=1
avc: denied { getattr } for path="/dev/block/sda7" dev="tmpfs" ino=1199 scontext=u:r:vold:s0 tcontext=u:object_r:modem_userdata_block_device:s0 tclass=blk_file permissive=1

Bug: 361093041
Test: run idle-maint run
Change-Id: Ie92ffa8b576c74e3a1cb127b265059ec76c14667
Signed-off-by: Randall Huang <huangrandall@google.com>
This commit is contained in:
Randall Huang 2024-08-27 11:09:18 +08:00
parent a01bc1d315
commit d6ba7fad68
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
storage/sepolicy/vold.te
View file

@ -1,3 +1,4 @@
# ufs hagc
allow vold sysfs_scsi_devices_0000:file rw_file_perms; allow vold sysfs_scsi_devices_0000:file rw_file_perms;
# Access userdata_exp block device. # Access userdata_exp block device.
@ -6,3 +7,7 @@ allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
dontaudit vold dumpstate:fifo_file rw_file_perms; dontaudit vold dumpstate:fifo_file rw_file_perms;
dontaudit vold dumpstate:fd use ; dontaudit vold dumpstate:fd use ;
# fix idle-maint
allow vold efs_block_device:blk_file { getattr };
allow vold modem_userdata_block_device:blk_file { getattr };