init-display-sh: Don't audit writing to kmsg
modprobe would log errors to /dev/kmsg, need to explicit allow this.
```
avc: denied { write } for comm="modprobe" name="kmsg" dev="tmpfs" ino=5 scontext=u:r:init-display-sh:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
```
Bug: 388717752
Test: DeviceBootTest#SELinuxUncheckedDenialBootTest
Change-Id: I62a43416291d4d79164765004f156f2bdb69b0b5
This commit is contained in:
Yi-Yo Chiang
parent
4969643398
commit
829c6fb863
1 changed files with 2 additions and 0 deletions
2
whitechapel/vendor/google/init-display-sh.te
vendored
2
whitechapel/vendor/google/init-display-sh.te
vendored
|
|
@ -8,3 +8,5 @@ allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
|
|||
|
||||
dontaudit init-display-sh proc_cmdline:file r_file_perms;
|
||||
|
||||
# Allow modprobe to log to kmsg.
|
||||
allow init-display-sh kmsg_device:chr_file w_file_perms;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue