Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

gs101-sepolicy: Fix avc denials

Browse source 
Fix below and other potential denials

11-21 10:10:43.984  3417  3417 I auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard

11-21 10:10:44.840  3976  3976 I auditd  : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin

11-21 18:10:51.280  5595  5595 I auditd  : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms

Bug: 206970384
Test: make selinux_policy pass
Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd
This commit is contained in:
Rick Yiu 2021-11-25 21:54:47 +08:00
parent 68ffcb774d
commit 4075287498
6 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
private/gmscore_app.te
View file

@ -1,2 +1,3 @@
# b/177389198
dontaudit gmscore_app adbd_prop:file *;
dontaudit gmscore_app sysfs_vendor_sched:file write;

1
private/priv_app.te
View file

@ -17,3 +17,4 @@ dontaudit priv_app ab_update_gki_prop:file { getattr };
dontaudit priv_app ab_update_gki_prop:file { map };
dontaudit priv_app adbd_prop:file { open };
dontaudit priv_app adbd_prop:file { getattr };
dontaudit priv_app sysfs_vendor_sched:file write;

1
whitechapel/vendor/google/logger_app.te vendored
View file

@ -25,4 +25,5 @@ userdebug_or_eng(`
dontaudit logger_app default_prop:file { read };
dontaudit logger_app sysfs_vendor_sched:dir search;
dontaudit logger_app sysfs_vendor_sched:file write;
')

1
whitechapel/vendor/google/mediaprovider.te vendored
View file

@ -1 +1,2 @@
dontaudit mediaprovider sysfs_vendor_sched:dir search;
dontaudit mediaprovider sysfs_vendor_sched:file write;

1
whitechapel/vendor/google/shell.te vendored
View file

@ -7,3 +7,4 @@ userdebug_or_eng(`
')
dontaudit shell sysfs_vendor_sched:dir search;
dontaudit shell sysfs_vendor_sched:file write;

1
whitechapel/vendor/google/untrusted_app_all.te vendored
View file

@ -3,3 +3,4 @@
allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
dontaudit untrusted_app_all sysfs_vendor_sched:dir search;
dontaudit untrusted_app_all sysfs_vendor_sched:file write;