129ef29bc8
allow write permission to fix following error
auditd : type=1400 audit(0.0:4): avc: denied { write } for comm="aocd" name="aoc" dev="tmpfs" ino=497 scontext=u:r:aocd:s0 tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=0
Bug: 198490099
Test: no avc deny when enable no_ap_restart
Change-Id: I06dc99f1a5859589b33f89ce435745d15e2e5749
Signed-off-by: Robert Lee <lerobert@google.com>
21 lines
545 B
Text
21 lines
545 B
Text
type aocd, domain;
|
|
type aocd_exec, vendor_file_type, exec_type, file_type;
|
|
init_daemon_domain(aocd)
|
|
|
|
# access persist files
|
|
allow aocd mnt_vendor_file:dir search;
|
|
allow aocd persist_file:dir search;
|
|
r_dir_file(aocd, persist_aoc_file);
|
|
|
|
# sysfs operations
|
|
allow aocd sysfs_aoc:dir search;
|
|
allow aocd sysfs_aoc_firmware:file w_file_perms;
|
|
|
|
# dev operations
|
|
allow aocd aoc_device:chr_file rw_file_perms;
|
|
|
|
# allow inotify to watch for additions/removals from /dev
|
|
allow aocd device:dir r_dir_perms;
|
|
|
|
# set properties
|
|
set_prop(aocd, vendor_aoc_prop)
|