Google Git
Sign in
android / device / google / redbull-sepolicy / e04d5fa
commite04d5fa1a91c2f3d601ecd9de68fb21d5760db38[log] [tgz]
authorMimi Wu <mimiwu@google.com>Mon Feb 10 21:59:42 2020 +0800
committerMimi Wu <mimiwu@google.com>Tue Feb 11 10:15:31 2020 +0000
treed09d16c60fe2faa4879808c163f37404655cc3f5
parentec2c2f58ab8146bbdb70db9f58ed2bd5f9f1fcfd [diff]
Modify sepolicy for toolbox to rm -rf /data/per_boot

type=1400 audit(1581339796.522:123): avc: denied { getattr } for comm="rm" path="/data/per_boot" dev="dm-9" ino=5020 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581339796.522:124): avc: denied { read } for comm="rm" name="per_boot" dev="dm-9" ino=5020 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581339796.522:125): avc: denied { open } for comm="rm" path="/data/per_boot" dev="dm-9" ino=5020 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581339796.522:126): avc: denied { search } for comm="rm" name="per_boot" dev="dm-9" ino=5020 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581339796.522:127): avc: denied { getattr } for comm="rm" path="/data/per_boot/Wyixl6zGkI2TqOYeqfKiaC" dev="dm-9" ino=5021 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581339796.522:128): avc: denied { write } for comm="rm" name="per_boot" dev="dm-9" ino=5020 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581339796.522:129): avc: denied { remove_name } for comm="rm" name="Wyixl6zGkI2TqOYeqfKiaC" dev="dm-9" ino=5021 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581339796.522:130): avc: denied { unlink } for comm="rm" name="Wyixl6zGkI2TqOYeqfKiaC" dev="dm-9" ino=5021 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581339796.542:131): avc: denied { rmdir } for comm="rm" name="per_boot" dev="dm-9" ino=5020 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1

Bug: 147469156
Bug: 146477044
Test: flash full build and find avc errors gone
Change-Id: I2881fa4ec25949455a2b45edc14e6ab50e6de5e4
Signed-off-by: Mimi Wu <mimiwu@google.com>
1 file changed
tree: d09d16c60fe2faa4879808c163f37404655cc3f5
  1. private/
  2. public/
  3. tracking_denials/
  4. vendor/
  5. OWNERS
  6. redbull-sepolicy.mk