Add 'system' to update_verifier's gid

This addresses the denial to /dev/cpuset/tasks:
update_verifier: type=1400 audit(0.0:377): avc: denied { dac_override }
for capability=1 scontext=u:r:update_verifier:s0
tcontext=u:r:update_verifier:s0 tclass=capability permissive=1

update_verifier: type=1400 audit(0.0:378): avc: granted { write } for
name="tasks" dev="cgroup" ino=5 scontext=u:r:update_verifier:s0
tcontext=u:object_r:cgroup:s0 tclass=file

Bug: 37358323
Test: denial message gone after adding system group
Change-Id: I66b4925295a13fbc1c6f26a1bb9bd2f9cebcec3d
Tianjie Xu 2017-04-18 11:29:32 -07:00
parent 1b28a27c33
commit 0ad2de5eab

@ -1,11 +1,11 @@
service update_verifier_nonencrypted /system/bin/update_verifier nonencrypted service update_verifier_nonencrypted /system/bin/update_verifier nonencrypted
user root user root
group cache group cache system
priority -20 priority -20
ioprio rt 0 ioprio rt 0
service update_verifier /system/bin/update_verifier ${vold.decrypt} service update_verifier /system/bin/update_verifier ${vold.decrypt}
user root user root
group cache group cache system
priority -20 priority -20
ioprio rt 0 ioprio rt 0
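
Review bot: the two `group cache system` lines add the `system` gid to a `user root` service without any comment explaining why, and the audit records quoted in the commit message were captured with permissive=1, so "denial message gone" does not by itself show that the write to the cpuset `tasks` file succeeds under enforcement. Suggest a one-line `#` comment above each `group` line stating that `system` is there so update_verifier can write /dev/cpuset/tasks without needing dac_override, and rerunning the test on an enforcing build to confirm the write still goes through and that no dac_override allowance is required for the update_verifier domain.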