Fix zram avc denied

Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
This commit is contained in:
Wilson Sung 2023-02-15 15:52:01 +08:00
parent 386ec7e920
commit 4ea1dcff3a
2 changed files with 3 additions and 18 deletions

View file

@ -1,18 +0,0 @@
# b/260522041
dontaudit toolbox per_boot_file:dir { getattr };
dontaudit toolbox per_boot_file:dir { open };
dontaudit toolbox per_boot_file:dir { read };
dontaudit toolbox per_boot_file:dir { remove_name };
dontaudit toolbox per_boot_file:dir { rmdir };
dontaudit toolbox per_boot_file:dir { search };
dontaudit toolbox per_boot_file:dir { write };
dontaudit toolbox per_boot_file:file { getattr };
dontaudit toolbox per_boot_file:file { unlink };
dontaudit toolbox ram_device:blk_file { getattr };
dontaudit toolbox ram_device:blk_file { ioctl };
dontaudit toolbox ram_device:blk_file { open };
dontaudit toolbox ram_device:blk_file { read write };
# b/264490055
userdebug_or_eng(`
permissive toolbox;
')

3
vendor/toolbox.te vendored Normal file
View file

@ -0,0 +1,3 @@
allow toolbox ram_device:blk_file rw_file_perms;
allow toolbox per_boot_file:dir create_dir_perms;
allow toolbox per_boot_file:file create_file_perms;