Label /persist files and expand tee access.

Address the following denials:
[   27.384289] type=1400 audit(2425588.259:46): avc: denied { read } for pid=393 comm="vold" name="irq" dev="proc" ino=4026531859 scontext=u:r:vold:s0 tcontext=u:object_r:proc_irq:s0 tclass=dir permissive=0
[   44.769811] type=1400 audit(2431764.659:50): avc: denied { read } for pid=2855 comm="vold" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[   77.892063] type=1400 audit(2431797.489:123): avc: denied { search } for pid=6067 comm="HubConnection" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:system_server:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[  116.586144] type=1400 audit(2431836.169:167): avc: denied { search } for pid=438 comm="qseecomd" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[  149.977738] type=1400 audit(2425710.849:57): avc: denied { search } for pid=2701 comm="FastMixer" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:mediaserver:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
[  219.686730] type=1400 audit(1439224228.026:299): avc: denied { connectto } for pid=441 comm="qseecomd" path=0074696D655F67656E6F6666 scontext=u:r:tee:s0 tcontext=u:r:time:s0 tclass=unix_stream_socket permissive=0
[  219.714160] type=1400 audit(1439224228.056:300): avc: denied { search } for pid=442 comm="qseecomd" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
[   30.467999] type=1400 audit(1439243467.562:87): avc: denied { read } for pid=3025 comm="HubConnection" name="sensorcal.json" dev="mmcblk0p32" ino=100 scontext=u:r:system_server:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=0
[   32.964363] type=1400 audit(1439243470.062:94): avc: denied { read } for pid=3102 comm="vold" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[   50.982485] type=1400 audit(1439243488.082:113): avc: denied { read } for pid=3030 comm="FastMixer" name="speaker_calibdata.bin" dev="mmcblk0p32" ino=99 scontext=u:r:mediaserver:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=0
[   59.065543] type=1400 audit(1439243496.162:147): avc: denied { read } for pid=3030 comm="FastMixer" name="speaker_calibdata.bin" dev="mmcblk0p32" ino=99 scontext=u:r:mediaserver:s0 tcontext=u:object_r:persist_file:s0 tclass=file permissive=0
08-10 18:11:19.846   468   468 W qseecomd: type=1400 audit(0.0:1059): avc: denied { write } for name="/" dev="dm-2" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
08-10 18:11:19.896   468   468 W qseecomd: type=1400 audit(0.0:1060): avc: denied { write } for name="fpdata" dev="dm-2" ino=2916404 scontext=u:r:tee:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0
08-10 18:13:11.916   468   468 I qseecomd: type=1400 audit(0.0:1070): avc: denied { write } for name="/" dev="dm-2" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
08-10 18:13:11.916   468   468 I qseecomd: type=1400 audit(0.0:1071): avc: denied { add_name } for name="fpc" scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
08-10 18:13:11.916   468   468 I qseecomd: type=1400 audit(0.0:1072): avc: denied { create } for name="fpc" scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
08-10 18:13:11.956   468   468 I qseecomd: type=1400 audit(0.0:1073): avc: denied { create } for name="global.db" scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
08-10 18:13:11.956   468   468 I qseecomd: type=1400 audit(0.0:1074): avc: denied { write open } for path="/data/fpc/global.db" dev="dm-2" ino=376834 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
08-10 18:13:11.986   468   468 I qseecomd: type=1400 audit(0.0:1075): avc: denied { write } for name="fpdata" dev="dm-2" ino=2916404 scontext=u:r:tee:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=1
08-10 18:13:11.986   468   468 I qseecomd: type=1400 audit(0.0:1076): avc: denied { add_name } for name="user.db" scontext=u:r:tee:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=1
08-10 18:13:11.986   468   468 I qseecomd: type=1400 audit(0.0:1077): avc: denied { create } for name="user.db" scontext=u:r:tee:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=file permissive=1

Bug: 21435401
Change-Id: I7bd05588beb5d1388d1d675d1149af3c2409f9d8
8 files changed
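
Added example, not part of this commit or the project's code: a Python parser that groups the denials listed above by source type, target type and class, decodes the hex-encoded `path=` of the `connectto` denial, and separates `unlabeled` targets (which need a label) from candidate allow rules to review. The function names and the `@` rendering of the leading NUL byte are choices made here.

```python
import re
from collections import defaultdict

# Sample input: four denial lines taken from the commit message above.
SAMPLE = """\
[   44.769811] type=1400 audit(2431764.659:50): avc: denied { read } for pid=2855 comm="vold" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
[  219.686730] type=1400 audit(1439224228.026:299): avc: denied { connectto } for pid=441 comm="qseecomd" path=0074696D655F67656E6F6666 scontext=u:r:tee:s0 tcontext=u:r:time:s0 tclass=unix_stream_socket permissive=0
[  219.714160] type=1400 audit(1439224228.056:300): avc: denied { search } for pid=442 comm="qseecomd" name="/" dev="mmcblk0p32" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
08-10 18:13:11.956   468   468 I qseecomd: type=1400 audit(0.0:1074): avc: denied { write open } for path="/data/fpc/global.db" dev="dm-2" ino=376834 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
"""

AVC = re.compile(
    r"avc: denied \{ (?P<perms>[^}]+)\} for (?P<attrs>.*?)scontext=(?P<s>\S+) "
    r"tcontext=(?P<t>\S+) tclass=(?P<cls>\S+) permissive=(?P<p>[01])")

def decode_path(attrs):
    """Return the path= value; audit hex-encodes values with unprintable bytes."""
    m = re.search(r'path=("[^"]*"|(?:[0-9A-Fa-f]{2})+)', attrs)
    if not m:
        return None
    if m[1].startswith('"'):
        return m[1].strip('"')
    # A leading NUL marks an abstract unix socket, conventionally shown as "@".
    return bytes.fromhex(m[1]).decode("ascii", "replace").replace("\x00", "@")

def summarize(log):
    """Group denials by (source type, target type, class)."""
    rules = defaultdict(lambda: {"perms": set(), "enforced": False, "paths": set()})
    for m in AVC.finditer(log):
        entry = rules[(m["s"].split(":")[2], m["t"].split(":")[2], m["cls"])]
        entry["perms"].update(m["perms"].split())
        entry["enforced"] |= m["p"] == "0"  # permissive=1 was logged, not blocked
        path = decode_path(m["attrs"])
        if path:
            entry["paths"].add(path)
    return dict(rules)

def needs_label(rules):
    """Targets typed 'unlabeled' point at a missing file_contexts entry."""
    return sorted(k for k in rules if k[1] == "unlabeled")

def candidate_rules(rules):
    """Candidate allow rules for review (assumption: not the policy this change shipped)."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(r['perms']))} }};"
            for (s, t, c), r in sorted(rules.items()) if t != "unlabeled"]

if __name__ == "__main__":
    print(*candidate_rules(summarize(SAMPLE)), sep="\n")
```

Each candidate rule still needs review before it goes into policy; a rule such as `tee` writing to `system_data_file` is usually better served by a dedicated file type than by a broad allow.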