f089ac2 - device/google/redbull-sepolicy

commit	f089ac2e9823dc06e612d04205ede0ff1f6ad1d1	[log] [tgz]
author	emilchung <emilchung@google.com>	Fri Mar 20 03:21:13 2020 +0800
committer	emilchung <emilchung@google.com>	Fri Mar 20 12:05:50 2020 +0800
tree	9826d2ed77974f13597970ae644963c1815ef0b0
parent	c87f24c11b8fdb31ba28bf08e3bd289719d280da [diff]

Sepolicy: fix avc denials of sscrpcd for sns_registry change

Fix avc denined for new factory calibrated registry path.
Set write permission only for userdebug or eng BULD.

Path:
/mnt/vendor/persist/sensors/registry/factory_data

Denined:
avc: denied { create } for comm="sscrpcd" name="factory_data" scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_persist_file:s0 tclass=dir permissive=1
avc: denied { open } for comm="sscrpcd" path="/mnt/vendor/persist/sensors/registry/factory_data" dev="sda2" ino=19 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { search } for comm="sscrpcd" name="factory_data" dev="sda2" ino=19 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { read } for comm="sscrpcd" name="factory_data" dev="sda2" ino=19 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { getattr } for comm="sscrpcd" path="/mnt/vendor/persist/sensors/registry/factory_data" dev="sda2" ino=19 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { open } for comm="sscrpcd" path="bmp380_0_platform.pressure.fac_cal.scale" dev="sda2" ino=77 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=file permissive=1
avc: denied { read } for comm="sscrpcd" name="bmp380_0_platform.pressure.fac_cal.scale" dev="sda2" ino=261 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=file permissive=1
avc: denied { getattr } for comm="sscrpcd" path="/mnt/vendor/persist/sensors/registry/factory_data/bmp380_0_platform.pressure.fac_cal.scale" dev="sda2" ino=216 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=file permissive=0
avc: denied { write } for comm="sscrpcd" name="factory_data" dev="sda2" ino=19 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { add_name } for comm="sscrpcd" name="bmp380_0_platform.pressure.fac_cal.scale" scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { remove_name } for comm="sscrpcd" name="bmp380_0_platform.pressure.fac_cal.scale" dev="sda2" ino=127 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { unlink } for comm="sscrpcd" name="bmp380_0_platform.pressure.fac_cal.scale" dev="sda2" ino=262 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=file permissive=1
avc: denied { write } for comm="sscrpcd" name="factory_data" dev="sda2" ino=669 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1
avc: denied { add_name } for comm="sscrpcd" name="bmp380_0_platform.pressure.fac_cal.scale" scontext=u:r:sensors:s0 tcontext=u:object_r:persist_sensors_reg_fac_file:s0 tclass=dir permissive=1

Bug: 140865156
Bug: 145235342
Test: Full Build with user/userdebug.
Test: No sensors related avc denined.
Test: Sensors calibration and functionality.
Change-Id: Ia90a83a3af6f3108e17a228e6e274744e6b82d0e
Signed-off-by: emilchung <emilchung@google.com>

3 files changed

tree: 9826d2ed77974f13597970ae644963c1815ef0b0