Extend access to proc/asound/*
Renamed this type: proc_asound_cards -> proc_asound Labeled /proc/asound/devices as proc_asound. We now use proc_asound type to label files under /proc/asound which we want to expose to system components. Bug: 66988327 Test: Pixel 2 boots, can play sound with or without headphones, and selinux denials to proc_asound are not seen. Change-Id: I453d9bfdd70eb80931ec9e80f17c8fd0629db3d0
This commit is contained in:
Tri Vo
parent
5f85a48099
commit
464f59ae10
6 changed files with 7 additions and 6 deletions
|
|
@ -110,7 +110,7 @@ neverallow all_untrusted_apps anr_data_file:dir ~search;
|
|||
# Create a more specific label if needed
|
||||
neverallow all_untrusted_apps {
|
||||
proc
|
||||
proc_asound_cards
|
||||
proc_asound
|
||||
proc_filesystems
|
||||
proc_kmsg
|
||||
proc_loadavg
|
||||
|
|
|
|||
|
|
@ -446,7 +446,7 @@
|
|||
(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
|
||||
(typeattributeset print_service_26_0 (print_service))
|
||||
(typeattributeset priv_app_26_0 (mediaprovider priv_app))
|
||||
(typeattributeset proc_26_0 (proc proc_asound_cards proc_cmdline proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
|
||||
(typeattributeset proc_26_0 (proc proc_asound proc_cmdline proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
|
||||
(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
|
||||
(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
|
||||
(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
|
||||
|
|
|
|||
|
|
@ -2,7 +2,8 @@
|
|||
genfscon rootfs / u:object_r:rootfs:s0
|
||||
# proc labeling can be further refined (longest matching prefix).
|
||||
genfscon proc / u:object_r:proc:s0
|
||||
genfscon proc /asound/cards u:object_r:proc_asound_cards:s0
|
||||
genfscon proc /asound/cards u:object_r:proc_asound:s0
|
||||
genfscon proc /asound/devices u:object_r:proc_asound:s0
|
||||
genfscon proc /cmdline u:object_r:proc_cmdline:s0
|
||||
genfscon proc /config.gz u:object_r:config_gz:s0
|
||||
genfscon proc /filesystems u:object_r:proc_filesystems:s0
|
||||
|
|
|
|||
|
|
@ -675,7 +675,7 @@ allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdi
|
|||
r_dir_file(system_server, cgroup)
|
||||
allow system_server ion_device:chr_file r_file_perms;
|
||||
|
||||
r_dir_file(system_server, proc_asound_cards)
|
||||
r_dir_file(system_server, proc_asound)
|
||||
r_dir_file(system_server, proc_loadavg)
|
||||
r_dir_file(system_server, proc_meminfo)
|
||||
r_dir_file(system_server, proc_net)
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ type usermodehelper, fs_type;
|
|||
type sysfs_usermodehelper, fs_type, sysfs_type;
|
||||
type qtaguid_proc, fs_type, mlstrustedobject;
|
||||
type proc_bluetooth_writable, fs_type;
|
||||
type proc_asound_cards, fs_type;
|
||||
type proc_asound, fs_type;
|
||||
type proc_cmdline, fs_type;
|
||||
type proc_cpuinfo, fs_type;
|
||||
type proc_filesystems, fs_type;
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ userdebug_or_eng(`
|
|||
')
|
||||
|
||||
r_dir_file(hal_audio, proc)
|
||||
r_dir_file(hal_audio, proc_asound_cards)
|
||||
r_dir_file(hal_audio, proc_asound)
|
||||
allow hal_audio audio_device:dir r_dir_perms;
|
||||
allow hal_audio audio_device:chr_file rw_file_perms;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue