tequilaOS/platform_device_qcom_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Sepolicy : Do not audit untrusted_app_27 to fix avc denials

Browse source 
Add do not audit rule for unrusted_app_27 to fix AVC
denials for gpubusy and max_gpuclk props

denial:
type=1400 audit(0.0:465): avc: denied { read } for name="max_gpuclk" dev="sysfs"
ino=56328 scontext=u:r:untrusted_app_27:s0:c178,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.gameloft.android.ANMP.GloftA9HM

type=1400 audit(0.0:381): avc: denied { read } for name="gpubusy" dev="sysfs" 
ino=56330 scontext=u:r:untrusted_app_27:s0:c168,c256,c512,c768 
tcontext=u:object_r:sysfs_kgsl:s0 tclass=file permissive=0 app=com.tencent.ig

Change-Id: If11c109b5426c598121cff045ad1693d2221d57e
This commit is contained in:
kranthi 2019-08-07 11:33:38 +05:30
parent 0bc13bf5ee
commit 03232c6a4f
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
generic/vendor/test/untrusted_app_27.te vendored
View file

@ -28,9 +28,8 @@
#allow untrusted_app_27 clients to access configuration settings
userdebug_or_eng(`
allow untrusted_app_27 sysfs_kgsl:dir search;
dontaudit {
untrusted_app_27
} sysfs_kgsl:dir read;
dontaudit untrusted_app_27 sysfs_kgsl:dir read;
dontaudit untrusted_app_27 sysfs_kgsl:file read;
r_dir_file(untrusted_app_27, sysfs_kgsl_snapshot);
r_dir_file(untrusted_app_27, vendor_gles_data_file);
allow untrusted_app_27 vendor_gles_data_file:dir rw_dir_perms;