c098533269
Suppose an external SSD or pendrive with a corrupted file system is connected to the DUT on bootup. In this case the file system checker will run to check for these corruptions; however, since the USB nodes are created dynamically at runtime, fsck_untrusted will not have permissions for this. Also, fsck is necessary for the internal storage and directories; mounts created by any external SSD can be ignored, therefore adding dontaudit rules.

Following are the avc denials:

type=1400 audit(1661408631.839:117): avc: denied { search } for comm="fsck.exfat" name="usb2" dev="sysfs" ino=146315 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=dir permissive=1

type=1400 audit(1661408631.839:118): avc: denied { read } for comm="fsck.exfat" name="start" dev="sysfs" ino=146885 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1

type=1400 audit(1661408631.839:119): avc: denied { open } for comm="fsck.exfat" path="/sys/devices/platform/soc/a600000.ssusb/ a600000.dwc3/xhci-hcd.2.auto/usb2/2-1/2-1:1.0/host1/target1:0:0/ 1:0:0:0/block/sdi/sdi1/start" dev="sysfs" ino=146885 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1

type=1400 audit(1661408631.839:120): avc: denied { getattr } for comm="fsck.exfat" path="/sys/devices/platform/soc/a600000.ssusb/ a600000.dwc3/xhci-hcd.2.auto/usb2/2-1/2-1:1.0/host1/target1:0:0/ 1:0:0:0/block/sdi/sdi1/start" dev="sysfs" ino=146885 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1

Change-Id: If67b70c7fffc197bbd107f13fa3bb21b87d73a24
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>

- generic/vendor
- qva/vendor
- SEPolicy.mk
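
The following is an added example, not code from this commit or repository: it collapses AVC denials like the four quoted in the commit message into candidate `dontaudit` rules, one per (source type, target type, class). The sample lines are the page's denials with the `path=` field omitted from the last two; the function and variable names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four denials from the commit message,
# with the long path= field left out of records 119 and 120.
SAMPLE_DENIALS = """\
type=1400 audit(1661408631.839:117): avc: denied { search } for comm="fsck.exfat" name="usb2" dev="sysfs" ino=146315 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=dir permissive=1
type=1400 audit(1661408631.839:118): avc: denied { read } for comm="fsck.exfat" name="start" dev="sysfs" ino=146885 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1
type=1400 audit(1661408631.839:119): avc: denied { open } for comm="fsck.exfat" dev="sysfs" ino=146885 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1
type=1400 audit(1661408631.839:120): avc: denied { getattr } for comm="fsck.exfat" dev="sysfs" ino=146885 scontext=u:r:fsck_untrusted:s0 tcontext=u:object_r:vendor_sysfs_usb_node:s0 tclass=file permissive=1
"""

# One denial per line: permission set, then source/target context and class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)"
)


def type_of(context):
    """A context is user:role:type:level; policy rules name only the type."""
    return context.split(":")[2]


def dontaudit_rules(log_text):
    """Merge denials that share (source, target, class) into one rule each."""
    perms = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        key = (type_of(m["s"]), type_of(m["t"]), m["c"])
        perms[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), found in sorted(perms.items()):
        names = sorted(found)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"dontaudit {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(dontaudit_rules(SAMPLE_DENIALS)))
```

A `dontaudit` rule only suppresses the audit record; the access itself stays denied in enforcing mode, which is the stated intent here since fsck on external USB storage is not required.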