Google Git
Sign in
android / device / google / sunfish-sepolicy / c523f1f
commitc523f1f2acc86ab5ebceb8facc7aad7e018c0fc7[log] [tgz]
authorSalmaxChang <salmaxchang@google.com>Fri Nov 22 18:46:45 2019 +0800
committerSalmaxChang <salmaxchang@google.com>Tue Nov 26 15:56:17 2019 +0800
treed65468b3b02ae033f5997671555cf6862b3d8f82
parent9ab47ceda04f803ee27c0b6f12c3ce6f2f4ac043 [diff]
subsystem_ramdump: Fix avc denials

- Add neccesary sepolicy rules
- Remove dontaudit

avc: denied { open } for comm="subsystem_ramdu" path="/dev" dev="tmpfs" ino=20712 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=1
avc: denied { read } for comm="subsystem_ramdu" name="ramdump_md_a615_zap" dev="tmpfs" ino=12399 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:ramdump_device:s0 tclass=chr_file permissive=1
avc: denied { getattr } for comm="subsystem_ramdu" path="/data/vendor/ssrdump" dev="dm-0" ino=213 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:ramdump_vendor_data_file:s0 tclass=dir permissive=1
avc: denied { search } for comm="subsystem_ramdu" name="msm_subsys" dev="sysfs" ino=23528 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=1
avc: denied { read } for comm="subsystem_ramdu" name="devices" dev="sysfs" ino=23530 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=1
avc: denied { write } for name="property_service" dev="tmpfs" ino=21046 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
avc: denied { open } for comm="subsystem_ramdu" path="/sys/module/subsystem_restart/parameters/enable_ramdumps" dev="sysfs" ino=34872 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { read } for comm="subsystem_ramdu" name="name" dev="sysfs" ino=50560 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:sysfs_ssr:s0 tclass=file permissive=1
avc: denied { search } for comm="subsystem_ramdu" name="ssrlog" dev="dm-0" ino=214 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:ssr_log_file:s0 tclass=dir permissive=1
avc: denied { append } for comm="subsystem_ramdu" name="ssr_log.txt" dev="dm-0" ino=7548 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:ssr_log_file:s0 tclass=file permissive=1
avc: denied { getattr } for comm="subsystem_ramdu" path="/sys/devices/platform/soc/4080000.qcom,mss/subsys2/crash_reason" dev="sysfs" ino=50290 scontext=u:r:vendor_subsystem_ramdump:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file permissive=1

Bug: 144547953
Test: No related avc denial found

Change-Id: I8e75e340bd7a5133f2afcdca0f79704055f4c4e9
3 files changed
tree: d65468b3b02ae033f5997671555cf6862b3d8f82
  1. private/
  2. public/
  3. vendor/
  4. OWNERS
  5. sunfish-sepolicy.mk