Google Git
Sign in
android / platform / system / sepolicy / a12aad45b68da1d3da096659a2b22b5e95c1f6b9
commita12aad45b68da1d3da096659a2b22b5e95c1f6b9[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Mon Jul 10 20:39:50 2017 -0700
committerJeff Vander Stoep <jeffv@google.com>Mon Jul 10 21:21:48 2017 -0700
tree0b479c454b35c2de1d87047961df939c4958ff12
parent72b265473e3d3ef034e4ce8d73528675e163bdbd [diff]
domain_deprecated: remove rootfs access

Grant audited permissions collected in logs.

tcontext=platform_app
avc: granted { getattr } for comm=496E666C6174657254687265616420
path="/" dev="dm-0" ino=2 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:rootfs:s0 tclass=dir

tcontext=system_app
avc: granted { getattr } for comm="android:ui" path="/" dev="dm-0"
scontext=u:r:system_app:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
avc: granted { getattr } for comm="android:ui" path="/" dev="dm-0"
scontext=u:r:system_app:s0 tcontext=u:object_r:rootfs:s0 tclass=dir

tcontext=update_engine
avc: granted { getattr } for comm="update_engine" path="/" dev="dm-0"
ino=2 scontext=u:r:update_engine:s0 tcontext=u:object_r:rootfs:s0
tclass=dir
avc: granted { getattr } for comm="update_engine" path="/fstab.foo"
dev="dm-0" ino=25 scontext=u:r:update_engine:s0
tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } for comm="update_engine" path="/fstab.foo"
dev="dm-0" ino=25 scontext=u:r:update_engine:s0
tcontext=u:object_r:rootfs:s0 tclass=file

Bug: 28760354
Test: build
Change-Id: I6135eea1d10b903a4a7e69da468097f495484665
3 files changed
tree: 0b479c454b35c2de1d87047961df939c4958ff12
  1. private/
  2. public/
  3. reqd_mask/
  4. tools/
  5. vendor/
  6. Android.mk
  7. CleanSpec.mk
  8. MODULE_LICENSE_PUBLIC_DOMAIN
  9. NOTICE
  10. OWNERS
  11. PREUPLOAD.cfg
  12. README