Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
device_google_gs-common/euiccpixel_app/sepolicy/common/mac_permissions.xml
Welly Hsu 0393e7fbe6 gs-common: add rules for euiccpixel_app 
09-11 21:19:25.452   345   345 I auditd  : avc:  denied  { find } for pid=14141 uid=10246 name=activity scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=0

09-11 21:20:57.035   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=netstats scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.055   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=content_capture scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.064   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=activity_task scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:activity_task_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.111   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=gpu scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:gpu_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.182   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=voiceinteraction scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.184   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=autofill scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:autofill_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.190   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=sensitive_content_protection_service scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:sensitive_content_protection_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.193   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=performance_hint scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:hint_service:s0 tclass=service_manager permissive=1

09-11 21:21:09.436   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=audio scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1

09-11 21:21:09.449   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=batterystats scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:batterystats_service:s0 tclass=service_manager permissive=1

09-11 21:21:09.454   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=batteryproperties scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:batteryproperties_service:s0 tclass=service_manager permissive=1

09-11 23:21:26.678   345   345 I auditd  : avc:  denied  { find } for pid=17450 uid=10246 name=permission_checker scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:permission_checker_service:s0 tclass=service_manager permissive=1

09-03 16:29:54.032   351   351 E SELinux : avc:  denied  { find } for pid=3914 uid=10217 name=phone scontext=u:r:euiccpixel_app:s0:c217,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1

09-03 17:35:07.453   351   351 E SELinux : avc:  denied  { find } for pid=3914 uid=10217 name=nfc scontext=u:r:euiccpixel_app:s0:c217,c256,c512,c768 tcontext=u:object_r:nfc_service:s0 tclass=service_manager permissive=1

09-11 21:20:57.108 17450 17450 I auditd  : type=1400 audit(0.0:1055): avc:  denied  { read } for  comm="RenderThread" name="uevent" dev="sysfs" ino=46479 scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.euiccpixel

09-11 21:20:57.108 17450 17450 I auditd  : type=1400 audit(0.0:1056): avc:  denied  { open } for  comm="RenderThread" path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=46479 scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.euiccpixel

09-11 21:20:57.108 17450 17450 I auditd  : type=1400 audit(0.0:1057): avc:  denied  { getattr } for  comm="RenderThread" path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=46479 scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.euiccpixel

09-11 21:21:48.494 12343 12343 I auditd  : type=1400 audit(0.0:23): avc:  denied  { read write } for  comm=4173796E635461736B202331 name="st54spi" dev="tmpfs" ino=1573 scontext=u:r:euiccpixel_app:s0:c3,c257,c522,c768 tcontext=u:object_r:st54spi_device:s0 tclass=chr_file permissive=1

09-11 21:20:57.108 17450 17450 I auditd  : type=1400 audit(0.0:1056): avc:  denied  { read open } for  comm="RenderThread" path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=46479 scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.euiccpixel

09-11 21:20:57.108 17450 17450 I auditd  : type=1400 audit(0.0:1057): avc:  denied  { getattr } for  comm="RenderThread" path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=46479 scontext=u:r:euiccpixel_app:s0:c246,c256,c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.euiccpixel

09-13 17:55:20.904  3776  3776 I auditd  : type=1400 audit(0.0:1087): avc:  denied  { read } for  comm="RenderThread" name="uevent" dev="sysfs" ino=46480 scontext=u:r:euiccpixel_app:s0:c225,c256,c512,c768 tcontext=u:object_r:sysfs_gpu_uevent:s0 tclass=file permissive=0 app=com.google.euiccpixel

09-13 18:18:26.988  4029  4029 I auditd  : type=1400 audit(0.0:1077): avc:  denied  { open getattr } for  comm="RenderThread" path="/sys/devices/platform/34f00000.gpu0/uevent" dev="sysfs" ino=46480 scontext=u:r:euiccpixel_app:s0:c225,c256,c512,c768 tcontext=u:object_r:sysfs_gpu_uevent:s0 tclass=file permissive=0 app=com.google.euiccpixel

09-13 17:55:20.996  3776  3776 I auditd  : type=1400 audit(0.0:1090): avc:  denied  { read } for  comm="ogle.euiccpixel" name="u:object_r:default_prop:s0" dev="tmpfs" ino=164 scontext=u:r:euiccpixel_app:s0:c225,c256,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.google.euiccpixel

Bug: 361092897
Test: make selinux_policy, flash and test on 25' project
Flag: EXEMPT NDK
Change-Id: I8850fe0c1eae7dc575cb323d1f4a9234b7df82db
2024-09-13 14:09:38 +00:00

27 lines
1.3 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<policy>
<!--
* A signature is a hex encoded X.509 certificate or a tag defined in
keys.conf and is required for each signer tag.
* A signer tag may contain a seinfo tag and multiple package stanzas.
* A default tag is allowed that can contain policy for all apps not signed with a
previously listed cert. It may not contain any inner package stanzas.
* Each signer/default/package tag is allowed to contain one seinfo tag. This tag
represents additional info that each app can use in setting a SELinux security
context on the eventual process.
* When a package is installed the following logic is used to determine what seinfo
value, if any, is assigned.
- All signatures used to sign the app are checked first.
- If a signer stanza has inner package stanzas, those stanza will be checked
to try and match the package name of the app. If the package name matches
then that seinfo tag is used. If no inner package matches then the outer
seinfo tag is assigned.
- The default tag is consulted last if needed.
-->
<!-- google apps key -->
<signer signature="@EUICCSUPPORTPIXEL" >
<seinfo value="EuiccSupportPixel" />
</signer>
</policy>
Reference in a new issue View git blame Copy permalink