4075287498
Fix below and other potential denials
11-21 10:10:43.984 3417 3417 I auditd : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard
11-21 10:10:44.840 3976 3976 I auditd : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin
11-21 18:10:51.280 5595 5595 I auditd : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms
Bug: 206970384
Test: make selinux_policy pass
Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd
29 lines
1.3 KiB
Text
29 lines
1.3 KiB
Text
userdebug_or_eng(`
|
|
allow logger_app radio_vendor_data_file:file create_file_perms;
|
|
allow logger_app radio_vendor_data_file:dir create_dir_perms;
|
|
allow logger_app vendor_slog_file:file {r_file_perms unlink};
|
|
allow logger_app vendor_gps_file:file create_file_perms;
|
|
allow logger_app vendor_gps_file:dir create_dir_perms;
|
|
allow logger_app sysfs_sscoredump_level:file r_file_perms;
|
|
r_dir_file(logger_app, ramdump_vendor_data_file)
|
|
r_dir_file(logger_app, sscoredump_vendor_data_coredump_file)
|
|
r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file)
|
|
|
|
get_prop(logger_app, usb_control_prop)
|
|
set_prop(logger_app, vendor_logger_prop)
|
|
set_prop(logger_app, vendor_modem_prop)
|
|
set_prop(logger_app, vendor_gps_prop)
|
|
set_prop(logger_app, vendor_audio_prop)
|
|
set_prop(logger_app, vendor_tcpdump_log_prop)
|
|
set_prop(logger_app, vendor_ramdump_prop)
|
|
set_prop(logger_app, vendor_ssrdump_prop)
|
|
set_prop(logger_app, vendor_rild_prop)
|
|
set_prop(logger_app, logpersistd_logging_prop)
|
|
set_prop(logger_app, logd_prop)
|
|
set_prop(logger_app, vendor_usb_config_prop)
|
|
set_prop(logger_app, vendor_wifi_sniffer_prop)
|
|
|
|
dontaudit logger_app default_prop:file { read };
|
|
dontaudit logger_app sysfs_vendor_sched:dir search;
|
|
dontaudit logger_app sysfs_vendor_sched:file write;
|
|
')
|