Diff - af09a86^! - device/lge/hammerhead

commit	af09a866ad9411743b4158160617e4d4d3897a67	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Tue Feb 25 13:12:44 2014 -0800
committer	Nick Kralevich <nnk@google.com>	Tue Feb 25 13:17:02 2014 -0800
tree	02351584c3a2c473da9feb94fb9eed557ff72a05
parent	0a0b40bf5dc6ad6490f75f7ae6997982b165b9d5 [diff]

sensors: move /data/app/sensor_ctl_socket In c89d7dcd63de492e37617b17348fbca7de9c08c2 , /data/app/sensor_ctl_socket moved to /dev/socket/sensor_ctl_socket . Add rules to allow this behavior. For compatibility with AOSP, retain the old rules until the change is public. Addresses the following denials: <5>[ 9.752728] type=1400 audit(1393360878.146:11): avc: denied { write } for pid=197 comm="sensors.qcom" name="socket" dev="tmpfs" ino=6148 scontext=u:r:sensors:s0 tcontext=u:object_r:socket_device:s0 tclass=dir <5>[ 9.752985] type=1400 audit(1393360878.146:12): avc: denied { add_name } for pid=197 comm="sensors.qcom" name="sensor_ctl_socket" scontext=u:r:sensors:s0 tcontext=u:object_r:socket_device:s0 tclass=dir <5>[ 9.753234] type=1400 audit(1393360878.146:13): avc: denied { create } for pid=197 comm="sensors.qcom" name="sensor_ctl_socket" scontext=u:r:sensors:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file <5>[ 9.753456] type=1400 audit(1393360878.146:14): avc: denied { getattr } for pid=197 comm="sensors.qcom" path="/dev/socket/sensor_ctl_socket" dev="tmpfs" ino=9443 scontext=u:r:sensors:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file <5>[ 9.753700] type=1400 audit(1393360878.146:15): avc: denied { setattr } for pid=197 comm="sensors.qcom" name="sensor_ctl_socket" dev="tmpfs" ino=9443 scontext=u:r:sensors:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file <5>[ 9.754254] type=1400 audit(1393360878.146:16): avc: denied { write } for pid=197 comm="sensors.qcom" name="sensor_ctl_socket" dev="tmpfs" ino=9443 scontext=u:r:sensors:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file Bug: 12570192 Change-Id: I20ac1f1fa6acf355d96de51cc9a2e8ec5d127fb0

@@ -24,6 +24,11 @@ # Socket can be deleted. So might have to keep in order to work. allow sensors apk_data_file:dir remove_name; +# In a future release of Android, /data/app/sensor_ctl_socket moved +# to /dev/socket/sensor_ctl_socket . +type_transition sensors socket_device:sock_file sensors_socket "sensor_ctl_socket"; +allow sensors socket_device:dir { write add_name }; + # Create directories and files under /data/misc/sensors # and /data/system/sensors. Allow generic r/w file access. allow sensors sensors_data_file:dir create_dir_perms;