Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init-display-sh: Don't audit writing to kmsg

Browse source 
modprobe would log errors to /dev/kmsg, need to explicit allow this.


```
avc:  denied  { write } for  comm="modprobe" name="kmsg" dev="tmpfs" ino=5 scontext=u:r:init-display-sh:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
```

Bug: 388717752
Test: DeviceBootTest#SELinuxUncheckedDenialBootTest
Change-Id: Iaf1157a925e480ec3c8cdd00573f3d0a4ead355b
This commit is contained in:
Yi-Yo Chiang 2025-01-09 18:41:03 +08:00
parent 7374ccc1b6
commit 50f433731d
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
whitechapel_pro/init-display-sh.te
View file

@ -8,3 +8,5 @@ allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
dontaudit init-display-sh proc_cmdline:file r_file_perms; dontaudit init-display-sh proc_cmdline:file r_file_perms;
# Allow modprobe to log to kmsg.
allow init-display-sh kmsg_device:chr_file w_file_perms;