Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cbd: Fix avc errors

Browse source 
avc: denied { write } for comm="cbd" name="ssrdump" dev="dm-9" ino=284 scontext=u:r:cbd:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir
avc: denied { add_name } for comm="cbd" name="crashinfo_modem_2021-03-02_10-57-06.txt" scontext=u:r:cbd:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir
avc: denied { write } for comm="sh" name="image" dev="dm-9" ino=231 scontext=u:r:cbd:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir
avc: denied { read } for comm="cbd" name="u:object_r:radio_prop:s0" dev="tmpfs" ino=206 scontext=u:r:cbd:s0 tcontext=u:object_r:radio_prop:s0 tclass=file
avc: denied { search } for comm="cbd" name="/" dev="sda15" ino=2 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir
avc: denied { syslog_read } for comm="cbd" scontext=u:r:cbd:s0 tcontext=u:r:kernel:s0 tclass=system

Bug: 179198083
Bug: 178331928
Bug: 171267363
Change-Id: I8a89e360e6d614ad76ed2eb78467fcbedf1ea0ce
This commit is contained in:
SalmaxChang 2021-03-02 19:57:23 +08:00 committed by Salmax Chang
parent fc5a6a88db
commit 4d87bc0f2a
4 changed files with 15 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

30
tracking_denials/cbd.te
View file

@ -1,19 +1,5 @@
# b/171267363
dontaudit cbd cbd:capability {setuid };
dontaudit cbd proc_cmdline:file {open };
dontaudit cbd persist_file:dir {search };
dontaudit cbd init:unix_stream_socket {connectto };
dontaudit cbd proc_cmdline:file {read };
dontaudit cbd kernel:system {syslog_read };
# b/173971138
dontaudit cbd radio_prop:file { map };
dontaudit cbd radio_prop:file { open };
dontaudit cbd radio_prop:file { read };
dontaudit cbd radio_prop:file { open };
dontaudit cbd radio_prop:file { map };
dontaudit cbd radio_prop:file { read };
dontaudit cbd radio_prop:file { getattr };
dontaudit cbd radio_prop:file { getattr };
# b/178331928
dontaudit cbd mnt_vendor_file:dir { search };
dontaudit cbd mnt_vendor_file:dir { search };
@ -31,21 +17,5 @@ dontaudit cbd unlabeled:dir { search };
dontaudit cbd unlabeled:file { read };
dontaudit cbd unlabeled:file { open };
# b/179198083
dontaudit cbd radio_vendor_data_file:dir { search };
dontaudit cbd radio_vendor_data_file:dir { write };
dontaudit cbd radio_vendor_data_file:dir { add_name };
dontaudit cbd radio_vendor_data_file:file { create };
dontaudit cbd radio_vendor_data_file:file { write };
dontaudit cbd radio_vendor_data_file:file { open };
dontaudit cbd unlabeled:file { ioctl };
dontaudit cbd radio_vendor_data_file:file { open };
dontaudit cbd radio_vendor_data_file:file { read };
dontaudit cbd radio_vendor_data_file:dir { search };
dontaudit cbd unlabeled:file { ioctl };
dontaudit cbd radio_vendor_data_file:file { open };
dontaudit cbd radio_vendor_data_file:file { read };
dontaudit cbd radio_vendor_data_file:file { write };
dontaudit cbd radio_vendor_data_file:file { create };
dontaudit cbd radio_vendor_data_file:dir { add_name };
dontaudit cbd radio_vendor_data_file:dir { search };
dontaudit cbd radio_vendor_data_file:dir { write };

12
whitechapel/vendor/google/cbd.te vendored
View file

@ -21,6 +21,14 @@ allow cbd sysfs_chosen:dir r_dir_perms;
allow cbd radio_device:chr_file rw_file_perms;
allow cbd proc_cmdline:file r_file_perms;
allow cbd persist_modem_file:dir create_dir_perms;
allow cbd persist_modem_file:file create_file_perms;
allow cbd radio_vendor_data_file:dir create_dir_perms;
allow cbd radio_vendor_data_file:file create_file_perms;
# Allow cbd to operate with modem EFS file/dir
allow cbd modem_efs_file:dir create_dir_perms;
allow cbd modem_efs_file:file create_file_perms;
@ -34,10 +42,12 @@ allow cbd modem_img_file:dir r_dir_perms;
allow cbd modem_img_file:file r_file_perms;
# Allow cbd to collect crash info
allow cbd sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;
userdebug_or_eng(`
allow cbd kernel:system syslog_read;
allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
')

2
whitechapel/vendor/google/file.te vendored
View file

@ -113,6 +113,8 @@ type modem_efs_file, file_type;
type modem_img_file, file_type;
type modem_userdata_file, file_type;
type sysfs_modem, sysfs_type, fs_type;
type persist_modem_file, file_type, vendor_persist_type;
# Wireless
type sysfs_wlc, sysfs_type, fs_type;

2
whitechapel/vendor/google/file_contexts vendored
View file

@ -254,6 +254,8 @@
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
# Subsystem coredump
/vendor/bin/sscoredump u:object_r:sscoredump_exec:s0