Google Git
Sign in
android / device / google / crosshatch-sepolicy / a2aedc696e67d682b3f9794611676fea619917b9
commita2aedc696e67d682b3f9794611676fea619917b9[log] [tgz]
authorAlex Hong <rurumihong@google.com>Thu May 23 22:11:22 2019 +0800
committerAlex Hong <rurumihong@google.com>Mon May 27 12:07:21 2019 +0800
treed75041f59771eaf886bea7f6513c62c0bec3304d
parent3260b9da521ba9fd50e8378e6b51d551e98b2212 [diff]
Fix CTS-on-GSI android.security.cts.SELinuxHostTest#testNoBugreportDenials failure

avc: denied { read } for name="u:object_r:vendor_modem_diag_prop:s0" dev="tmpfs" ino=25460 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vendor_modem_diag_prop:s0 tclass=file permissive=0
avc: denied { read } for name="u:object_r:vendor_tcpdump_log_prop:s0" dev="tmpfs" ino=25472 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vendor_tcpdump_log_prop:s0 tclass=file permissive=0
avc: denied { search } for name="radio" dev="dm-3" ino=175 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="radio" dev="dm-3" ino=175 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="radio" dev="dm-3" ino=175 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="netmgr" dev="dm-3" ino=169 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:netmgr_data_file:s0 tclass=dir permissive=0
avc: denied { search } for name="mpss" dev="dm-3" ino=147 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:mpss_rfs_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="vndbinder" dev="tmpfs" ino=14214 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=0
avc: denied { read write } for name="binder" dev="tmpfs" ino=15825 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:binder_device:s0 tclass=chr_file permissive=0
avc: denied { read } for name="vndbinder" dev="tmpfs" ino=14214 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=0
avc: denied { read write } for name="binder" dev="tmpfs" ino=15825 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:binder_device:s0 tclass=chr_file permissive=0
avc: denied { find } for service=android.hardware.citadel.ICitadeld pid=9319 uid=1000 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:citadeld_service:s0 tclass=service_manager permissive=0
avc: denied { call } for scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:r:citadeld:s0 tclass=binder permissive=0

Bug: 132592593
Test: 1. Flash crosshatch-user image from ab/5591699
      2. Flash GSI image (aosp_arm64-img-5591699.zip in aosp_arm64-userdebug) from ab/5591699
      3. Modify crosshatch sepolicy and flash the vendor image to device
      4. run cts and check if the selinux denials still exists
         run cts -m CtsSecurityHostTestCases -t android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I51f9b5345a05e5bbde2df88018c3f0278803b9fb
(cherry picked from commit 01778cf2719411f384f0a9a8d496f691d199c5fc)
1 file changed
tree: d75041f59771eaf886bea7f6513c62c0bec3304d
  1. private/
  2. public/
  3. vendor/
  4. crosshatch-sepolicy.mk
  5. OWNERS