Dontaudit chmod of virtualizationservice_data_file

Init attempts to rm -rf these files, to ensure any that are owned by
the old virtualizationservice UID get deleted. This fails for newer
directories, now we use the system UID, which is harmless. But rm
attempts to chmod the directories since it can't read them, which also
fails and generates a spurious audit. So here we suppress that.

Bug: 235338094
Test: No denials seen even when there are stale directories present
Change-Id: If55fbe151174ee08a12b64b301e4aa86ffc1a5bf
Alan Stokes 2022-06-15 17:25:20 +01:00
parent ff418d6499
commit 40f33c1da1

@ -5,3 +5,8 @@ init_daemon_domain(toolbox)
# rm -rf in /data/misc/virtualizationservice
allow toolbox virtualizationservice_data_file:dir { rmdir rw_dir_perms };
allow toolbox virtualizationservice_data_file:file { getattr unlink };
# If we can't remove these directories we try to chmod them. That
# doesn't work, but it doesn't matter as virtualizationservice itself
# will delete them when it starts. See b/235338094#comment39
dontaudit toolbox virtualizationservice_data_file:dir setattr;
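
Review bot: The dontaudit on the last line silences every setattr denial for toolbox on virtualizationservice_data_file:dir, not only the chmod that rm -rf falls back to, so a later change in this domain that hits the same denial for a different reason will leave no audit record. The comment above it says the removal can fail but leaves the reason to b/235338094#comment39; consider stating in the comment that this happens for the newer directories owned by the system UID, as the commit message explains, and noting that the rule can be dropped once directories owned by the old virtualizationservice UID no longer need cleaning up.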