Fix incorrect SELinux labeling.

When moving SELinux rules from file_contexts to genfs_contexts, we added some genfs rules to label specific files. It turns out that one of those files was the prefix of some other files, and since genfs does prefix-labeling, those other files had their labels changed. To fix this, we are changing the whole tracefs /instances/wifi from debugfs_tracing_instances to debugfs_wifi_tracing (a few of the files already had this label). This simplifies the rules. Bug: 62413700 Test: Built, flashed, and booted two devices. Verified that the files have the correct context and that wifi, camera, and traceur work. Change-Id: Id62db079f439ae8c531b44d1184eea26d5b760c3
2017-07-06 10:59:11 -07:00 · 2017-07-06 10:59:11 -07:00 · 58d6929bf1
commit 58d6929bf1
parent a7e8eb981f
2 changed files with 3 additions and 6 deletions
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@ -68,12 +68,8 @@ genfscon debugfs /mmc0                                u:object_r:debugfs_mmc:s0
 genfscon debugfs /tracing                             u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/instances                   u:object_r:debugfs_tracing_instances:s0
 genfscon tracefs /instances                           u:object_r:debugfs_tracing_instances:s0
-genfscon debugfs /tracing/instances/wifi/free_buffer  u:object_r:debugfs_wifi_tracing:s0
-genfscon debugfs /tracing/instances/wifi/trace        u:object_r:debugfs_wifi_tracing:s0
-genfscon debugfs /tracing/instances/wifi/tracing_on   u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/free_buffer          u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/trace                u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/tracing_on           u:object_r:debugfs_wifi_tracing:s0
+genfscon debugfs /tracing/instances/wifi              u:object_r:debugfs_wifi_tracing:s0
+genfscon tracefs /instances/wifi                      u:object_r:debugfs_wifi_tracing:s0
 genfscon debugfs /tracing/trace_marker                u:object_r:debugfs_trace_marker:s0
 genfscon tracefs /trace_marker                        u:object_r:debugfs_trace_marker:s0

--- a/private/system_server.te
+++ b/private/system_server.te
@ -679,6 +679,7 @@ allow system_server sysfs_leds:dir r_dir_perms;

 # Allow WifiService to start, stop, and read wifi-specific trace events.
 allow system_server debugfs_tracing_instances:dir search;
+allow system_server debugfs_wifi_tracing:dir search;
 allow system_server debugfs_wifi_tracing:file rw_file_perms;

 # allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run