From d135bde241adea0ab46d98a377db8c23ec002aa1 Mon Sep 17 00:00:00 2001 From: Aaron Tsai Date: Wed, 24 Mar 2021 12:06:24 +0800 Subject: [PATCH] Fix selinux errors for rild 03-10 09:33:20.380 849 849 I rild_exynos: type=1400 audit(0.0:11): avc: denied { map } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 03-10 09:33:20.380 849 849 I rild_exynos: type=1400 audit(0.0:10): avc: denied { getattr } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 03-10 09:33:20.380 849 849 I rild_exynos: type=1400 audit(0.0:9): avc: denied { open } for path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 03-10 09:33:20.380 849 849 I rild_exynos: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 [ 16.814981] type=1400 audit(1615340000.380:8): avc: denied { read } for comm="rild_exynos" name="u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 [ 16.815057] type=1400 audit(1615340000.380:9): avc: denied { open } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 [ 16.815089] type=1400 audit(1615340000.380:10): avc: denied { getattr } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 [ 16.815108] type=1400 audit(1615340000.380:11): avc: denied { map } for comm="rild_exynos" path="/dev/__properties__/u:object_r:sota_prop:s0" dev="tmpfs" ino=241 scontext=u:r:rild:s0 tcontext=u:object_r:sota_prop:s0 tclass=file permissive=1 Bug: 182320172 Test: verified with the forrest ROM and error log gone Change-Id: Ib0300629de5a0186c4f9fd2f603be52aefd085bc --- tracking_denials/rild.te | 9 --------- whitechapel/vendor/google/rild.te | 1 + 2 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 tracking_denials/rild.te diff --git a/tracking_denials/rild.te b/tracking_denials/rild.te deleted file mode 100644 index c9a686c4..00000000 --- a/tracking_denials/rild.te +++ /dev/null @@ -1,9 +0,0 @@ -# b/182320172 -dontaudit rild sota_prop:file { map }; -dontaudit rild sota_prop:file { getattr }; -dontaudit rild sota_prop:file { open }; -dontaudit rild sota_prop:file { read }; -dontaudit rild sota_prop:file { read }; -dontaudit rild sota_prop:file { open }; -dontaudit rild sota_prop:file { getattr }; -dontaudit rild sota_prop:file { map }; diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te index d732e0ee..5dab0eff 100644 --- a/whitechapel/vendor/google/rild.te +++ b/whitechapel/vendor/google/rild.te @@ -4,6 +4,7 @@ get_prop(rild, vendor_persist_config_default_prop) get_prop(rild, vendor_ro_config_default_prop) set_prop(rild, vendor_sys_default_prop) +get_prop(rild, sota_prop) get_prop(rild, system_boot_reason_prop) allow rild proc_net:file rw_file_perms;