From ef1d13d86dadd9351f91c511d62a620a813aafad Mon Sep 17 00:00:00 2001 From: Nicole Lee Date: Wed, 15 Feb 2023 09:13:04 +0000 Subject: [PATCH] logger_app: don't audit default_prop and fix errors avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger Bug: 264489961 Bug: 269383459 Test: Make sure no avc denied for logger_app when using Pixel Logger Change-Id: I8999372d243286586eb53602e167fa111d39a00f --- radio/logger_app.te | 3 +++ tracking_denials/logger_app.te | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/radio/logger_app.te b/radio/logger_app.te index 045f83dc..3c5f7856 100644 --- a/radio/logger_app.te +++ b/radio/logger_app.te @@ -6,6 +6,9 @@ userdebug_or_eng(` allow logger_app radio_vendor_data_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) + r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) + set_prop(logger_app, vendor_audio_prop) set_prop(logger_app, vendor_gps_prop) set_prop(logger_app, vendor_logger_prop) diff --git a/tracking_denials/logger_app.te b/tracking_denials/logger_app.te index 9443bc55..e04a0e66 100644 --- a/tracking_denials/logger_app.te +++ b/tracking_denials/logger_app.te @@ -1,4 +1,4 @@ -# b/264489961 +# b/269383459 userdebug_or_eng(` - permissive logger_app; + dontaudit logger_app default_prop:file { read }; ')