c47a4a9 - device/google/redbull-sepolicy

commit	c47a4a903c9dbc91b675611968b8e699f8186e6d	[log] [tgz]
author	James.cf Lin <jamescflin@google.com>	Mon Feb 24 20:31:27 2020 +0800
committer	James.cf Lin <jamescflin@google.com>	Thu Feb 27 13:00:01 2020 +0800
tree	b7a70ca2bc882abb89845203985f7864fd71df7c
parent	fc97a915ce11be99592b13b421fa1341012249a0 [diff]
[B5R3] SELinux error related to hal_rcsservice

avc: denied { read write } for comm="imsrcsd" name="diag" dev="tmpfs" ino=26681 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=1
avc: denied { open } for comm="imsrcsd" path="/dev/diag" dev="tmpfs" ino=26681 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for comm="imsrcsd" path="/dev/diag" dev="tmpfs" ino=26681 ioctlcmd=0x20 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=1

avc: denied { call } for comm="imsrcsd" scontext=u:r:hal_rcsservice:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1
avc: denied { transfer } for comm="imsrcsd" scontext=u:r:hal_rcsservice:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1

avc: denied { call } for comm="imsrcsd" scontext=u:r:hal_rcsservice:s0 tcontext=u:r:radio:s0 tclass=binder permissive=1

avc:  denied  { find } for interface=com.qualcomm.qti.uceservice::IUceService sid=u:r:hal_rcsservice:s0 pid=1045 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hal_imsrcsd_hwservice:s0 tclass=hwservice_manager permissive=1
avc:  denied  { add } for interface=com.qualcomm.qti.uceservice::IUceService sid=u:r:hal_rcsservice:s0 pid=1045 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hal_imsrcsd_hwservice:s0 tclass=hwservice_manager permissive=1

avc:  denied  { find } for interface=vendor.qti.ims.callinfo::IService sid=u:r:hal_rcsservice:s0 pid=1045 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hal_imscallinfo_hwservice:s0 tclass=hwservice_manager permissive=1
avc:  denied  { add } for interface=vendor.qti.ims.callinfo::IService sid=u:r:hal_rcsservice:s0 pid=1045 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hal_imscallinfo_hwservice:s0 tclass=hwservice_manager permissive=1

avc: denied { getattr } for comm="imsrcsd" path="/dev/__properties__/u:object_r:hwservicemanager_prop:s0" dev="tmpfs" ino=17106 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hwservicemanager_prop:s0 tclass=file permissive=1
avc: denied { open } for comm="imsrcsd" path="/dev/__properties__/u:object_r:hwservicemanager_prop:s0" dev="tmpfs" ino=17106 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hwservicemanager_prop:s0 tclass=file permissive=1
avc: denied { read } for comm="imsrcsd" name="u:object_r:hwservicemanager_prop:s0" dev="tmpfs" ino=17106 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hwservicemanager_prop:s0 tclass=file permissive=1
avc: denied { map } for comm="imsrcsd" path="/dev/__properties__/u:object_r:hwservicemanager_prop:s0" dev="tmpfs" ino=17106 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hwservicemanager_prop:s0 tclass=file permissive=1

avc: denied { read } for comm="imsrcsd" name="u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=17135 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1
avc: denied { open } for comm="imsrcsd" path="/dev/__properties__/u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=17135 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1
avc: denied { getattr } for comm="imsrcsd" path="/dev/__properties__/u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=17135 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1
avc: denied { map } for comm="imsrcsd" path="/dev/__properties__/u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=17135 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=1

avc: denied { search } for name="diagchar" dev="sysfs" ino=38294 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:sysfs_diag:s0 tclass=dir permissive=1

avc: denied { read } for comm="imsrcsd" name="timestamp_switch" dev="sysfs" ino=38300 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:sysfs_timestamp_switch:s0 tclass=file permissive=1
avc: denied { open } for comm="imsrcsd" path="/sys/module/diagchar/parameters/timestamp_switch" dev="sysfs" ino=38300 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:sysfs_timestamp_switch:s0 tclass=file permissive=1

avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:hal_rcsservice:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
avc: denied { write } for name="property_service" dev="tmpfs" ino=19161 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
avc: denied { read } for comm="imsrcsd" scontext=u:r:hal_rcsservice:s0 tcontext=u:r:hal_rcsservice:s0 tclass=qipcrtr_socket permissive=1
avc: denied { write } for comm="imsrcsd" scontext=u:r:hal_rcsservice:s0 tcontext=u:r:hal_rcsservice:s0 tclass=qipcrtr_socket permissive=1
avc: denied { getattr } for comm="imsrcsd" scontext=u:r:hal_rcsservice:s0 tcontext=u:r:hal_rcsservice:s0 tclass=qipcrtr_socket permissive=1

Bug: 145503975
Test: Flash the rom and boot to home without this avc denied.
Change-Id: I853a64543e79115f4909624c6859cc136f73b8ab
tracking_denials/hal_rcsservice.te[Deleted - diff]
vendor/qcom/common/hal_rcsservice.te[diff]
2 files changed
tree: b7a70ca2bc882abb89845203985f7864fd71df7c