tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add get_prop(odsign_prop) to incidentd.te

Browse source 
Prevents SELinux denial when capturing a bugreport.

Bug: 192895524
Bug: 193084909
Bug: 193096842
Bug: 193097008
Bug: 193097511
Bug: 193097845
Bug: 193097886
Ignore-AOSP-First: cherry pick of https://r.android.com/1761447
Test: adb bugreport and check no denial in logcat.
Change-Id: Ide5d95782929836cffc5b3921bffae3295773532
This commit is contained in:
Orion Hodson 2021-07-09 14:54:27 +01:00
parent 2a5ab82215
commit 6f9b65aac7
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
prebuilts/api/31.0/private/incidentd.te
View file

@ -140,6 +140,8 @@ allow incidentd zygote_exec:file { rx_file_perms };
# Access the runtime feature flag properties.
get_prop(incidentd, device_config_runtime_native_prop)
get_prop(incidentd, device_config_runtime_native_boot_prop)
# Access odsign verification status.
get_prop(incidentd, odsign_prop)
# ART locks profile files.
allow incidentd system_file:file lock;
# Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.

2
private/incidentd.te
View file

@ -140,6 +140,8 @@ allow incidentd zygote_exec:file { rx_file_perms };
# Access the runtime feature flag properties.
get_prop(incidentd, device_config_runtime_native_prop)
get_prop(incidentd, device_config_runtime_native_boot_prop)
# Access odsign verification status.
get_prop(incidentd, odsign_prop)
# ART locks profile files.
allow incidentd system_file:file lock;
# Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.