From dc83bcf6a538676a2d7668165710a9f694b3f982 Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Mon, 20 Jan 2025 16:19:52 +0800 Subject: [PATCH] RamdumpService: Fix the SELinux errors from introducing Firebase Analytics. Fix the SELinux errors from introducing Firebase Analytics (ag/30936923): 01-16 10:44:12.432 W/ScionFrontendAp( 4336): type=1400 audit(0.0:17): avc: denied { read } for name="PrebuiltGmsCoreNext_DynamiteLoader.apk" dev="dm-59" ino=7119 scontext=u:r:ramdump_app:s0:c18,c257,c512,c768 tcontext=u:object_r:privapp_data_file:s0:c512,c768 tclass=lnk_file permissive=0 bug=b/385858590 app=com.android.ramdump 01-20 15:41:03.180 10754-10754 W/ScionFrontendAp: type=1400 audit(0.0:342): avc: denied { execute } for path="/data/user_de/10/com.google.android.gms/app_chimera/m/00000067/oat/arm64/PrebuiltGmsCoreNext_DynamiteLoader.odex" dev="dm-54" ino=80602 scontext=u:r:ramdump_app:s0:c13,c257,c522,c768 tcontext=u:object_r:privapp_data_file:s0:c522,c768 tclass=file permissive=0 Bug: 386149375 Flag: EXEMPT bugfix Change-Id: Ia10a5585ebc8f4e895d4dc6ecf0d8cd4dc727ac8 --- ramdump_and_coredump/sepolicy/ramdump_app.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ramdump_and_coredump/sepolicy/ramdump_app.te b/ramdump_and_coredump/sepolicy/ramdump_app.te index 9eebc98..674786b 100644 --- a/ramdump_and_coredump/sepolicy/ramdump_app.te +++ b/ramdump_and_coredump/sepolicy/ramdump_app.te @@ -9,6 +9,10 @@ userdebug_or_eng(` allow ramdump_app app_api_service:service_manager find; + # For Firebase Analytics + allow ramdump_app privapp_data_file:file x_file_perms; + allow ramdump_app privapp_data_file:lnk_file r_file_perms; + allow ramdump_app ramdump_vendor_data_file:file create_file_perms; allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;