Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
device_google_gs101/private/priv_app.te
Rick Yiu 4075287498 gs101-sepolicy: Fix avc denials 
Fix below and other potential denials

11-21 10:10:43.984  3417  3417 I auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm=4173796E635461736B202332 path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.pixel.setupwizard

11-21 10:10:44.840  3976  3976 I auditd  : type=1400 audit(0.0:10): avc: denied { write } for comm="StallDetector-1" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:untrusted_app_30:s0:c170,c256,c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.inputmethod.latin

11-21 18:10:51.280  5595  5595 I auditd  : type=1400 audit(0.0:102): avc: denied { write } for comm="SharedPreferenc" path="/sys/kernel/vendor_sched/set_task_group_fg" dev="sysfs" ino=44511 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:sysfs_vendor_sched:s0 tclass=file permissive=0 app=com.google.android.gms

Bug: 206970384
Test: make selinux_policy pass
Change-Id: I7c981ef0516dc5be93ec825768de57c15786b4bd
2021-11-25 14:26:35 +00:00

20 lines
940 B
Text
Raw Blame History

# b/178433525
dontaudit priv_app adbd_prop:file { map };
dontaudit priv_app adbd_prop:file { getattr };
dontaudit priv_app adbd_prop:file { open };
dontaudit priv_app ab_update_gki_prop:file { map };
dontaudit priv_app ab_update_gki_prop:file { getattr };
dontaudit priv_app ab_update_gki_prop:file { open };
dontaudit priv_app aac_drc_prop:file { map };
dontaudit priv_app aac_drc_prop:file { getattr };
dontaudit priv_app aac_drc_prop:file { open };
dontaudit priv_app adbd_prop:file { map };
dontaudit priv_app aac_drc_prop:file { open };
dontaudit priv_app aac_drc_prop:file { getattr };
dontaudit priv_app aac_drc_prop:file { map };
dontaudit priv_app ab_update_gki_prop:file { open };
dontaudit priv_app ab_update_gki_prop:file { getattr };
dontaudit priv_app ab_update_gki_prop:file { map };
dontaudit priv_app adbd_prop:file { open };
dontaudit priv_app adbd_prop:file { getattr };
dontaudit priv_app sysfs_vendor_sched:file write;
Reference in a new issue View git blame Copy permalink