tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

domain.te & kernel.te: allow kernel to write nativetest_data_file

Browse source 
to workaround some VTS VtsKernelLtp failures introduced by
change on vfs_iter_write here:
abbb65899a%5E%21/#F3

for discussion please check threads here:
https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg03348.html

Sandeep suggest to re-order the events in that thread,
that should be the right solution,
this change is only a tempory workaround before that change.

Bug: 79528964
Test: manually with -m VtsKernelLtp -t VtsKernelLtp#fs.fs_fill_64bit

Change-Id: I3f46ff874d3dbcc556cfbeb27be21878574877d1
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
(cherry picked from commit 64ff9e9523)
Merged-In: I3f46ff874d3dbcc556cfbeb27be21878574877d1
This commit is contained in:
Yongqin Liu 2018-05-09 21:12:50 +08:00 committed by Sandeep Patil
parent 34f233640a
commit 8c3a74ad64
4 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
prebuilts/api/28.0/public/domain.te
View file

@ -466,7 +466,7 @@ neverallow {
}:file no_x_file_perms;
# The test files and executables MUST not be accessible to any domain
neverallow domain nativetest_data_file:file_class_set no_w_file_perms;
neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
neverallow domain nativetest_data_file:dir no_w_dir_perms;
neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;

2
prebuilts/api/28.0/public/kernel.te
View file

@ -69,7 +69,7 @@ allow kernel asec_image_file:file read;
# and for LTP kernel tests (b/73220071)
userdebug_or_eng(`
allow kernel update_engine_data_file:file read;
allow kernel nativetest_data_file:file read;
allow kernel nativetest_data_file:file { read write };
')
# Access to /data/media.

2
public/domain.te
View file

@ -466,7 +466,7 @@ neverallow {
}:file no_x_file_perms;
# The test files and executables MUST not be accessible to any domain
neverallow domain nativetest_data_file:file_class_set no_w_file_perms;
neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
neverallow domain nativetest_data_file:dir no_w_dir_perms;
neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;

2
public/kernel.te
View file

@ -69,7 +69,7 @@ allow kernel asec_image_file:file read;
# and for LTP kernel tests (b/73220071)
userdebug_or_eng(`
allow kernel update_engine_data_file:file read;
allow kernel nativetest_data_file:file read;
allow kernel nativetest_data_file:file { read write };
')
# Access to /data/media.