Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cbd: Fix avc errors am: 4d87bc0f2a

Browse source 
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13805045

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I088a4f7fec8e864e44f8bcb2066b21d523a60cff
This commit is contained in:
SalmaxChang 2021-03-08 08:04:19 +00:00 committed by Automerger Merge Worker
commit e0e29b3505
4 changed files with 15 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

30
tracking_denials/cbd.te
View file

@ -1,19 +1,5 @@
# b/171267363 # b/171267363
dontaudit cbd cbd:capability {setuid }; dontaudit cbd cbd:capability {setuid };
dontaudit cbd proc_cmdline:file {open };
dontaudit cbd persist_file:dir {search };
dontaudit cbd init:unix_stream_socket {connectto };
dontaudit cbd proc_cmdline:file {read };
dontaudit cbd kernel:system {syslog_read };
# b/173971138
dontaudit cbd radio_prop:file { map };
dontaudit cbd radio_prop:file { open };
dontaudit cbd radio_prop:file { read };
dontaudit cbd radio_prop:file { open };
dontaudit cbd radio_prop:file { map };
dontaudit cbd radio_prop:file { read };
dontaudit cbd radio_prop:file { getattr };
dontaudit cbd radio_prop:file { getattr };
# b/178331928 # b/178331928
dontaudit cbd mnt_vendor_file:dir { search }; dontaudit cbd mnt_vendor_file:dir { search };
dontaudit cbd mnt_vendor_file:dir { search }; dontaudit cbd mnt_vendor_file:dir { search };
@ -31,21 +17,5 @@ dontaudit cbd unlabeled:dir { search };
dontaudit cbd unlabeled:file { read }; dontaudit cbd unlabeled:file { read };
dontaudit cbd unlabeled:file { open }; dontaudit cbd unlabeled:file { open };
# b/179198083 # b/179198083
dontaudit cbd radio_vendor_data_file:dir { search };
dontaudit cbd radio_vendor_data_file:dir { write };
dontaudit cbd radio_vendor_data_file:dir { add_name };
dontaudit cbd radio_vendor_data_file:file { create };
dontaudit cbd radio_vendor_data_file:file { write };
dontaudit cbd radio_vendor_data_file:file { open };
dontaudit cbd unlabeled:file { ioctl }; dontaudit cbd unlabeled:file { ioctl };
dontaudit cbd radio_vendor_data_file:file { open };
dontaudit cbd radio_vendor_data_file:file { read };
dontaudit cbd radio_vendor_data_file:dir { search };
dontaudit cbd unlabeled:file { ioctl }; dontaudit cbd unlabeled:file { ioctl };
dontaudit cbd radio_vendor_data_file:file { open };
dontaudit cbd radio_vendor_data_file:file { read };
dontaudit cbd radio_vendor_data_file:file { write };
dontaudit cbd radio_vendor_data_file:file { create };
dontaudit cbd radio_vendor_data_file:dir { add_name };
dontaudit cbd radio_vendor_data_file:dir { search };
dontaudit cbd radio_vendor_data_file:dir { write };

12
whitechapel/vendor/google/cbd.te vendored
View file

@ -21,6 +21,14 @@ allow cbd sysfs_chosen:dir r_dir_perms;
allow cbd radio_device:chr_file rw_file_perms; allow cbd radio_device:chr_file rw_file_perms;
allow cbd proc_cmdline:file r_file_perms;
allow cbd persist_modem_file:dir create_dir_perms;
allow cbd persist_modem_file:file create_file_perms;
allow cbd radio_vendor_data_file:dir create_dir_perms;
allow cbd radio_vendor_data_file:file create_file_perms;
# Allow cbd to operate with modem EFS file/dir # Allow cbd to operate with modem EFS file/dir
allow cbd modem_efs_file:dir create_dir_perms; allow cbd modem_efs_file:dir create_dir_perms;
allow cbd modem_efs_file:file create_file_perms; allow cbd modem_efs_file:file create_file_perms;
@ -34,10 +42,12 @@ allow cbd modem_img_file:dir r_dir_perms;
allow cbd modem_img_file:file r_file_perms; allow cbd modem_img_file:file r_file_perms;
# Allow cbd to collect crash info # Allow cbd to collect crash info
allow cbd sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms; allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;
userdebug_or_eng(` userdebug_or_eng(`
allow cbd kernel:system syslog_read;
allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms; allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms; allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
') ')

2
whitechapel/vendor/google/file.te vendored
View file

@ -113,6 +113,8 @@ type modem_efs_file, file_type;
type modem_img_file, file_type; type modem_img_file, file_type;
type modem_userdata_file, file_type; type modem_userdata_file, file_type;
type sysfs_modem, sysfs_type, fs_type; type sysfs_modem, sysfs_type, fs_type;
type persist_modem_file, file_type, vendor_persist_type;
# Wireless # Wireless
type sysfs_wlc, sysfs_type, fs_type; type sysfs_wlc, sysfs_type, fs_type;

2
whitechapel/vendor/google/file_contexts vendored
View file

@ -254,6 +254,8 @@
/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0 /mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0 /mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0
/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0 /mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
# Subsystem coredump # Subsystem coredump
/vendor/bin/sscoredump u:object_r:sscoredump_exec:s0 /vendor/bin/sscoredump u:object_r:sscoredump_exec:s0