Google Git
Sign in
android / device / google / redbull-sepolicy / e0d1dc6
commite0d1dc6ff251a8df5dd558049bec7e2230177b9d[log] [tgz]
authormasonwang <masonwang@google.com>Wed Nov 06 14:25:12 2019 +0800
committermasonwang <masonwang@google.com>Thu Nov 07 12:23:35 2019 +0800
tree45ffeb137df3bd694ef2d2f108bd60f64974a5af
parent9eac035b30688e279e8152f25457bf13f1800b04 [diff]
Add the sepolicy rules for adsprpcd

Fix the avc error of adsprpcd.

avc: denied { ioctl } for path="/dev/ion" dev="tmpfs" ino=27099 ioctlcmd=0x4901 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
avc: denied { open } for path="/dev/ion" dev="tmpfs" ino=27099 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
avc: denied { read } for name="ion" dev="tmpfs" ino=27099 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
avc: denied { search } for name="vendor" dev="tmpfs" ino=26788 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
avc: denied { search } for name="/" dev="sda2" ino=2 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { ioctl } for path="/dev/adsprpc-smd-secure" dev="tmpfs" ino=27650 ioctlcmd=0x5201 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:qdsp_device:s0 tclass=chr_file permissive=1
avc: denied { open } for path="/dev/adsprpc-smd-secure" dev="tmpfs" ino=27650 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:qdsp_device:s0 tclass=chr_file permissive=1
avc: denied { read } for name="adsprpc-smd-secure" dev="tmpfs" ino=27650 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:qdsp_device:s0 tclass=chr_file permissive=1
avc: denied { add_name } for name="sns_amd" dev="sda2" ino=270 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { getattr } for path="/mnt/vendor/persist/sensors/registry/registry" dev="sda2" ino=74 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { open } for path="/mnt/vendor/persist/sensors/registry/registry" dev="sda2" ino=74 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { read } for name="registry" dev="sda2" ino=74 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { remove_name } for name="temp.json" dev="sda2" ino=376 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { search } for name="sensors" dev="sda2" ino=16 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { write } for name="registry" dev="sda2" ino=17 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { create } for name="temp.json" scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=file permissive=1
avc: denied { getattr } for path="/mnt/vendor/persist/sensors/registry/registry/lsm6dsr_0_platform.act" dev="sda2" ino=317 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=file permissive=1
avc: denied { open } for path="/mnt/vendor/persist/sensors/registry/registry/lsm6dsr_0_platform.act" dev="sda2" ino=317 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=file permissive=1
avc: denied { read } for name="lsm6dsr_0_platform.act" dev="sda2" ino=317 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=file permissive=1
avc: denied { rename } for name="temp.json" dev="sda2" ino=376 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=file permissive=1
avc: denied { unlink } for name="sns_amd" dev="sda2" ino=270 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=file permissive=1
avc: denied { write } for path="/mnt/vendor/persist/sensors/registry/temp.json" dev="sda2" ino=376 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=file permissive=1
avc: denied { search } for name="backlight" dev="sysfs" ino=65708 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
avc: denied { getattr } for path="/sys/devices/platform/soc/soc:qcom,dsi-display-primary/backlight/panel0-backlight/brightness" dev="sysfs" ino=65715 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/platform/soc/soc:qcom,dsi-display-primary/backlight/panel0-backlight/brightness" dev="sysfs" ino=65715 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1
avc: denied { read } for name="brightness" dev="sysfs" ino=65715 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1
avc: denied { search } for name="soc0" dev="sysfs" ino=69684 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=dir permissive=1
avc: denied { getattr } for path="/sys/devices/soc0/hw_platform" dev="sysfs" ino=69725 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/devices/soc0/hw_platform" dev="sysfs" ino=69725 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file permissive=1
avc: denied { read } for name="hw_platform" dev="sysfs" ino=69725 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file permissive=1

Bug: 141525374
Test: flash selinux modules to device and find avc errors gone
Change-Id: I5e912f0067b61d7a6c103064a2ed0d383be27960
1 file changed
tree: 45ffeb137df3bd694ef2d2f108bd60f64974a5af
  1. public/
  2. vendor/
  3. OWNERS
  4. redbull-sepolicy.mk