eb531975598d13f0d0dd07ec4732a36013745987 - device/lge/bullhead

commit	eb531975598d13f0d0dd07ec4732a36013745987	[log] [tgz]
author	dcashman <dcashman@google.com>	Tue Aug 11 12:45:35 2015 -0700
committer	The Android Automerger <android-build@google.com>	Tue Aug 11 16:02:41 2015 -0700
tree	c39e66111b71d5837d690d0ea1484a3f80f56a39
parent	0be1d3fd12f2638a68c5f0afbd4789c175470b87 [diff]

Allow mediaserver perfd search access.

Also move cnd to permissive as a result of dac capability requests.

Address the following denials:
[    5.436425] type=1400 audit(2951303.029:5): avc: denied { read write } for pid=513 comm="cnd" name="smem_log" dev="tmpfs" ino=13366 scontext=u:r:cnd:s0 tcontext=u:object_r:smem_log_device:s0 tclass=chr_file permissive=0
[    5.438670] type=1400 audit(2951303.029:6): avc: denied { create } for pid=513 comm="cnd" scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=socket permissive=0
[    5.439205] type=1400 audit(2951303.029:7): avc: denied { dac_override } for pid=513 comm="cnd" capability=1 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=0
[   51.514564] type=1400 audit(1439264846.552:35): avc: denied { search } for pid=3799 comm=736F756E6420747269676765722063 name="perfd" dev="dm-0" ino=408832 scontext=u:r:mediaserver:s0 tcontext=u:object_r:mpctl_data_file:s0 tclass=dir permissive=0

Bug: 22977937
Change-Id: I9df639ca1252859d46888af9ac01317a79889912

2 files changed

tree: c39e66111b71d5837d690d0ea1484a3f80f56a39