8761f86 - device/google/coral-sepolicy

commit	8761f8681a12b54ce2920d716cbfa5057341f9dc	[log] [tgz]
author	Josh Hou <joshhou@google.com>	Wed Apr 15 23:43:43 2020 +0800
committer	Josh Hou <joshhou@google.com>	Mon Apr 20 15:35:04 2020 +0800
tree	ee64800304ff03a63b886aa2253fd5101903cc0e
parent	c637a461e8d5954cc67669b74c81a7348775eb44 [diff]
Fix sepolicy error related to qtelephony

avc:  denied  { find } for interface=vendor.qti.imsrtpservice::IRTPService sid=u:r:qtelephony:s0:c205,c256,c512,c768 pid=4118 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:hal_imsrtp_hwservice:s0 tclass=hwservice_manager permissive=1
avc:  denied  { find } for pid=4118 uid=10205 name=isub scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
avc: denied { call } for scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=org.codeaurora.ims
avc: denied { search } for comm=".codeaurora.ims" name="diagchar" dev="sysfs" ino=45004 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:sysfs_diag:s0 tclass=dir permissive=1 app=org.codeaurora.ims

avc: denied { open } for comm=".codeaurora.ims" path="/sys/module/diagchar/parameters/timestamp_switch" dev="sysfs" ino=45010 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:sysfs_timestamp_switch:s0 tclass=file permissive=1 app=org.codeaurora.ims
avc: denied { read } for comm=".codeaurora.ims" name="timestamp_switch" dev="sysfs" ino=45010 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:sysfs_timestamp_switch:s0 tclass=file permissive=1 app=org.codeaurora.ims

avc:  denied  { find } for pid=4118 uid=10205 name=media.audio_policy scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:audioserver_service:s0 tclass=service_manager permissive=1
avc:  denied  { find } for pid=4118 uid=10205 name=media.camera scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=1
avc:  denied  { find } for pid=4118 uid=10205 name=media.extractor scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:mediaextractor_service:s0 tclass=service_manager permissive=1
avc:  denied  { find } for pid=4118 uid=10205 name=media.metrics scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:mediametrics_service:s0 tclass=service_manager permissive=1
avc:  denied  { find } for pid=4118 uid=10205 name=media.player scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:mediaserver_service:s0 tclass=service_manager permissive=1

avc:  denied  { find } for interface=vendor.qti.imsrtpservice::IRTPService sid=u:r:qtelephony:s0:c205,c256,c512,c768 pid=4118 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:hal_imsrtp_hwservice:s0 tclass=hwservice_manager permissive=1
avc: denied { call } for comm=".codeaurora.ims" scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:r:hal_imsrtp:s0 tclass=binder permissive=1 app=org.codeaurora.ims

avc:  denied  { find } for interface=vendor.qti.hardware.radio.ims::IImsRadio sid=u:r:qtelephony:s0:c205,c256,c512,c768 pid=4118 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:hal_telephony_hwservice:s0 tclass=hwservice_manager permissive=1

avc: denied { read } for comm=".codeaurora.ims" name="u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=24135 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims
avc: denied { open } for comm=".codeaurora.ims" path="/dev/__properties__/u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=24135 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims
avc: denied { getattr } for comm=".codeaurora.ims" path="/dev/__properties__/u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=24135 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims
avc: denied { map } for comm=".codeaurora.ims" path="/dev/__properties__/u:object_r:vendor_radio_prop:s0" dev="tmpfs" ino=24135 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:vendor_radio_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims

avc: denied { read } for comm="Binder:4118_1" name="u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=24091 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims
avc: denied { open } for path="/dev/__properties__/u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=24091 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims
avc: denied { getattr } for comm="Binder:4118_1" path="/dev/__properties__/u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=24091 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims
avc: denied { map } for comm="Binder:2413_3" path="/dev/__properties__/u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=5343 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1 app=org.codeaurora.ims

avc: denied { open } for comm="Binder:4118_1" path="/dev/diag" dev="tmpfs" ino=30268 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=1 app=org.codeaurora.ims
avc: denied { ioctl } for comm="Binder:4118_1" path="/dev/diag" dev="tmpfs" ino=30268 ioctlcmd=0x20 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=1 app=org.codeaurora.ims
avc: denied { getattr } for comm=".codeaurora.ims" path="/dev/diag" dev="tmpfs" ino=30268 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=1 app=org.codeaurora.ims
avc: denied { read write } for comm="Binder:4118_5" name="diag" dev="tmpfs" ino=30268 scontext=u:r:qtelephony:s0:c205,c256,c512,c768 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=1 app=org.codeaurora.ims

avc:  denied  { find } for pid=4136 uid=10194 name=activity scontext=u:r:qtelephony:s0:c194,c256,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=0
avc:  denied  { find } for pid=24330 uid=10195 name=telephony.registry scontext=u:r:qtelephony:s0:c195,c256,c512,c768 tcontext=u:object_r:registry_service:s0 tclass=service_manager permissive=0

avc: denied { call } for comm="ims_rtp_daemon" scontext=u:r:hal_imsrtp:s0 tcontext=u:r:qtelephony:s0:c205,c256,c512,c768 tclass=binder permissive=1
avc: denied { use } for path="/dmabuf:" dev="dmabuf" ino=461306 scontext=u:r:hal_imsrtp:s0 tcontext=u:r:qtelephony:s0:c205,c256,c512,c768 tclass=fd permissive=1 app=org.codeaurora.ims

avc:  denied  { find } for pid=4089 uid=10194 name=thermalservice scontext=u:r:qtelephony:s0:c194,c256,c512,c768 tcontext=u:object_r:thermal_service:s0 tclass=service_manager permissive=1
avc:  denied  { find } for pid=4089 uid=10194 name=device_policy scontext=u:r:qtelephony:s0:c194,c256,c512,c768 tcontext=u:object_r:device_policy_service:s0 tclass=service_manager permissive=1
avc:  denied  { find } for pid=4089 uid=10194 name=audio scontext=u:r:qtelephony:s0:c194,c256,c512,c768 tcontext=u:object_r:audio_service:s0 tclass=service_manager permissive=1

Bug: 153934276
Test: build pass
Change-Id: I8ecd0ca981523755834d7022817005343746ec37
3 files changed
tree: ee64800304ff03a63b886aa2253fd5101903cc0e