rfsd: fix avc errors

[ 8.024353] type=1400 audit(1636594727.560:42): avc: denied { chown } for comm="rfsd" capability=0 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1 [ 8.027666] type=1400 audit(1636594727.564:43): avc: denied { setuid } for comm="rfsd" capability=7 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1 Bug: 205904361 Change-Id: I6e30a9622b930273fbc524e6bc84f2112f79f11c
2022-02-15 17:08:52 +08:00 · 2022-02-15 17:08:52 +08:00 · 1420e3d5d7
commit 1420e3d5d7
parent a320d9b575
2 changed files with 3 additions and 3 deletions
--- a/tracking_denials/rfsd.te
+++ b/tracking_denials/rfsd.te
@ -1,3 +0,0 @@
 # b/205904361
 dontaudit rfsd rfsd:capability { chown };
 dontaudit rfsd rfsd:capability { setuid };
--- a/whitechapel_pro/rfsd.te
+++ b/whitechapel_pro/rfsd.te
@ -2,6 +2,9 @@ type rfsd, domain;
 type rfsd_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(rfsd)
 # Allow to setuid from root to radio and chown of modem efs files
 allow rfsd self:capability { chown setuid };
 # Allow to search block device and mnt dir for modem EFS partitions
 allow rfsd mnt_vendor_file:dir search;
 allow rfsd block_device:dir search;