fa0f61e5ce0a1827bd279f1e46a384a54f397795 - device/moto/shamu

commit	fa0f61e5ce0a1827bd279f1e46a384a54f397795	[log] [tgz]
author	Nilesh Poddar <npoddar@codeaurora.org>	Wed Jan 21 16:13:29 2015 -0800
committer	Etan Cohen <etancohen@google.com>	Wed Feb 18 14:22:49 2015 -0800
tree	52f3932d691cac11d0b8ad555d5fdbcb3a4b633f
parent	2214fb9403093f4a2cfc47ffe6da5514d8645a1c [diff]

Add sepolicy rules for cne and netmgr daemons

type=1400 audit(0.0:92): avc: denied { write } for name="cnd" dev="tmpfs" ino=10477 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421897629.744:92): avc: denied { write } for pid=1443 comm="CNEReceiver" name="cnd" dev="tmpfs" ino=10477 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421899275.556:4): avc: denied { setuid } for pid=380 comm="cnd" capability=7 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
type=1400 audit(1421899275.556:5): avc: denied { setgid } for pid=380 comm="cnd" capability=6 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
type=1400 audit(1421899313.314:158): avc: denied { net_raw } for pid=380 comm="cnd" capability=13 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
type=1400 audit(1421900557.215:101): avc: denied { write } for pid=1488 comm="CNEReceiver" name="cnd" dev="tmpfs" ino=9790 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421900557.215:102): avc: denied { connectto } for pid=1488 comm="CNEReceiver" path="/dev/socket/cnd" scontext=u:r:system_app:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket permissive=1

type=1400 audit(1421897628.604:91): avc: denied { write } for pid=1120 comm="netmgrd" name="cnd" dev="tmpfs" ino=10477 scontext=u:r:netmgrd:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421899287.166:142): avc: denied { connectto } for pid=1387 comm="netmgrd" path="/dev/socket/cnd" scontext=u:r:netmgrd:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket permissive=1
type=1400 audit(1421897649.566:95): avc: denied { read } for pid=2479 comm="ip" name="rt_tables" dev="dm-0" ino=1126114 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file permissive=1
type=1400 audit(1421897649.566:96): avc: denied { open } for pid=2479 comm="ip" path="/data/misc/net/rt_tables" dev="dm-0" ino=1126114 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file permissive=1
type=1400 audit(1421897649.566:97): avc: denied { getattr } for pid=2479 comm="ip" path="/data/misc/net/rt_tables" dev="dm-0" ino=1126114 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file permissive=1
avc:  denied  { set } for property=net.r_rmnet_data0.dns1 scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service
type=1400 audit(1421897727.456:102): avc: denied { nlmsg_write } for pid=2670 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket permissive=1
type=1400 audit(1421897749.966:106): avc: denied { nlmsg_read } for pid=2841 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket permissive=1

Change-Id: I03ef32f0aec23eaab011309983a0fad551a65a1a

11 files changed