04275485f7
03-08 09:26:34.320 701 701 I MonitorFdThread: type=1400
audit(0.0:5): avc: denied { read } for name="/" dev="tmpfs" ino=1
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:device:s0
tclass=dir permissive=1
03-08 09:26:34.320 701 701 I MonitorFdThread: type=1400
audit(0.0:6): avc: denied { watch } for path="/dev" dev="tmpfs" ino=1
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:device:s0
tclass=dir permissive=1
03-08 09:26:36.344 701 701 I android.hardwar: type=1400
audit(0.0:11): avc: denied { read write } for name="acd-com.google.usf"
dev="tmpfs" ino=932 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=1
03-08 09:26:36.344 701 701 I android.hardwar: type=1400
audit(0.0:12): avc: denied { open } for path="/dev/acd-com.google.usf"
dev="tmpfs" ino=932 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=1
03-08 09:26:36.948 701 701 I android.hardwar: type=1400
audit(0.0:13): avc: denied { search } for name="vendor" dev="tmpfs"
ino=2 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
03-08 09:26:36.948 701 701 I android.hardwar: type=1400
audit(0.0:14): avc: denied { search } for name="/" dev="sda1" ino=2
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:persist_file:s0
tclass=dir permissive=1
03-08 09:26:36.952 701 701 I android.hardwar: type=1400
audit(0.0:15): avc: denied { getattr } for
path="/mnt/vendor/persist/sensors/registry" dev="sda1" ino=24
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:persist_file:s0
tclass=dir permissive=1
03-08 09:26:36.952 701 701 I android.hardwar: type=1400
audit(0.0:16): avc: denied { read } for name="registry" dev="sda1"
ino=24
Bug:182086633
Test: make selinux_policy -j128 and push to device.
Test: avc denials are disappeared in boot log.
Change-Id: Id7ad6dcb63c880a4b7b07dbe4588ec231e9e00b5
26 lines
843 B
Makefile
26 lines
843 B
Makefile
# sepolicy that are shared among devices using whitechapel
|
|
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google
|
|
|
|
# unresolved SELinux error log with bug tracking
|
|
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials
|
|
|
|
PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/private
|
|
|
|
#
|
|
# Pixel-wide
|
|
#
|
|
# Dauntless (uses Citadel policy currently)
|
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel
|
|
|
|
# Wifi
|
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_ext
|
|
|
|
# PowerStats HAL
|
|
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
|
|
|
|
# Display
|
|
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/common
|
|
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/gs101
|
|
|
|
# Micro sensor framework (usf)
|
|
BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/usf
|