sepolicy: Fix trusty_apploader avc denials
* File permissions missing Bug: 263305034 Test: ran com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot Change-Id: I5d0a56a4c31c66610414341118c4089d2c11f3e9 Signed-off-by: Donnie Pollitz <donpollitz@google.com>
This commit is contained in:
Donnie Pollitz
parent
6f15645932
commit
1df4e2dde8
2 changed files with 4 additions and 8 deletions
|
|
@ -1,10 +1,3 @@
|
||||||
# b/263305034
|
|
||||||
dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { ioctl };
|
|
||||||
dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { open };
|
|
||||||
dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { read };
|
|
||||||
dontaudit trusty_apploader tee_device:chr_file { ioctl };
|
|
||||||
dontaudit trusty_apploader tee_device:chr_file { open };
|
|
||||||
dontaudit trusty_apploader tee_device:chr_file { read write };
|
|
||||||
# b/264489569
|
# b/264489569
|
||||||
userdebug_or_eng(`
|
userdebug_or_eng(`
|
||||||
permissive trusty_apploader;
|
permissive trusty_apploader;
|
||||||
|
|
|
||||||
3
vendor/trusty_apploader.te
vendored
3
vendor/trusty_apploader.te
vendored
|
|
@ -2,3 +2,6 @@ type trusty_apploader, domain;
|
||||||
type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
|
type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
|
||||||
init_daemon_domain(trusty_apploader)
|
init_daemon_domain(trusty_apploader)
|
||||||
|
|
||||||
|
allow trusty_apploader ion_device:chr_file r_file_perms;
|
||||||
|
allow trusty_apploader tee_device:chr_file rw_file_perms;
|
||||||
|
allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue