cbd: fix avc errors
avc: denied { search } for comm="cbd" name="/" dev="sda1" ino=3 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1
Bug: 205779872
Bug: 205904432
Change-Id: I09f1ac5473b728d5e6f38b01dc83f4b9c4c8fbcc
This commit is contained in:
SalmaxChang
Salmax Chang
parent
1420e3d5d7
commit
c5f0e9723f
2 changed files with 4 additions and 4 deletions
|
|
@ -1,4 +0,0 @@
|
||||||
# b/205779872
|
|
||||||
dontaudit cbd persist_file:dir { search };
|
|
||||||
# b/205904432
|
|
||||||
dontaudit cbd cbd:capability { setuid };
|
|
||||||
|
|
@ -6,6 +6,9 @@ set_prop(cbd, vendor_modem_prop)
|
||||||
set_prop(cbd, vendor_cbd_prop)
|
set_prop(cbd, vendor_cbd_prop)
|
||||||
set_prop(cbd, vendor_rild_prop)
|
set_prop(cbd, vendor_rild_prop)
|
||||||
|
|
||||||
|
# Allow cbd to set gid/uid from too to radio
|
||||||
|
allow cbd self:capability { setgid setuid };
|
||||||
|
|
||||||
allow cbd mnt_vendor_file:dir r_dir_perms;
|
allow cbd mnt_vendor_file:dir r_dir_perms;
|
||||||
|
|
||||||
allow cbd kmsg_device:chr_file rw_file_perms;
|
allow cbd kmsg_device:chr_file rw_file_perms;
|
||||||
|
|
@ -27,6 +30,7 @@ allow cbd proc_cmdline:file r_file_perms;
|
||||||
|
|
||||||
allow cbd persist_modem_file:dir create_dir_perms;
|
allow cbd persist_modem_file:dir create_dir_perms;
|
||||||
allow cbd persist_modem_file:file create_file_perms;
|
allow cbd persist_modem_file:file create_file_perms;
|
||||||
|
allow cbd persist_file:dir search;
|
||||||
|
|
||||||
allow cbd radio_vendor_data_file:dir create_dir_perms;
|
allow cbd radio_vendor_data_file:dir create_dir_perms;
|
||||||
allow cbd radio_vendor_data_file:file create_file_perms;
|
allow cbd radio_vendor_data_file:file create_file_perms;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue