1420e3d5d7
[ 8.024353] type=1400 audit(1636594727.560:42): avc: denied { chown } for comm="rfsd" capability=0 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
[ 8.027666] type=1400 audit(1636594727.564:43): avc: denied { setuid } for comm="rfsd" capability=7 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
Bug: 205904361
Change-Id: I6e30a9622b930273fbc524e6bc84f2112f79f11c
39 lines
1.3 KiB
Text
39 lines
1.3 KiB
Text
type rfsd, domain;
|
|
type rfsd_exec, vendor_file_type, exec_type, file_type;
|
|
init_daemon_domain(rfsd)
|
|
|
|
# Allow to setuid from root to radio and chown of modem efs files
|
|
allow rfsd self:capability { chown setuid };
|
|
|
|
# Allow to search block device and mnt dir for modem EFS partitions
|
|
allow rfsd mnt_vendor_file:dir search;
|
|
allow rfsd block_device:dir search;
|
|
|
|
# Allow to operate with modem EFS file/dir
|
|
allow rfsd modem_efs_file:dir create_dir_perms;
|
|
allow rfsd modem_efs_file:file create_file_perms;
|
|
|
|
allow rfsd radio_vendor_data_file:dir r_dir_perms;
|
|
allow rfsd radio_vendor_data_file:file r_file_perms;
|
|
|
|
r_dir_file(rfsd, vendor_fw_file)
|
|
|
|
# Allow to access rfsd log file/dir
|
|
allow rfsd vendor_log_file:dir search;
|
|
allow rfsd vendor_rfsd_log_file:dir create_dir_perms;
|
|
allow rfsd vendor_rfsd_log_file:file create_file_perms;
|
|
|
|
# Allow to read/write modem block device
|
|
allow rfsd modem_block_device:blk_file rw_file_perms;
|
|
|
|
# Allow to operate with radio device
|
|
allow rfsd radio_device:chr_file rw_file_perms;
|
|
|
|
# Allow to set rild and modem property
|
|
set_prop(rfsd, vendor_modem_prop)
|
|
set_prop(rfsd, vendor_rild_prop)
|
|
|
|
# Allow rfsd to access modem image file/dir
|
|
allow rfsd modem_img_file:dir r_dir_perms;
|
|
allow rfsd modem_img_file:file r_file_perms;
|
|
allow rfsd modem_img_file:lnk_file r_file_perms;
|