Merge "Dontaudit zygote to read and open media_rw_data_file dir"

Treehugger Robot 2021-03-08 11:26:35 +00:00 committed by Gerrit Code Review
commit a60ac31fcb


@ -197,9 +197,11 @@ get_prop(zygote, device_config_window_manager_native_boot_prop)
# undesirable, so suppress the denial.
dontaudit zygote self:global_capability_class_set { sys_resource fsetid };
# Ignore spurious denials calling access() on fuse
# Ignore spurious denials calling access() on fuse.
# Also ignore read and open as sdcardfs may read and open dir when app tries to access a dir that
# doesn't exist.
# TODO(b/151316657): avoid the denials
dontaudit zygote media_rw_data_file:dir setattr;
dontaudit zygote media_rw_data_file:dir { read open setattr };
# Allow zygote to use ashmem fds from system_server.
allow zygote system_server:fd use;
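Review bot: The widened rule `dontaudit zygote media_rw_data_file:dir { read open setattr };` silences read and open denials for every directory carrying that label, not only the nonexistent-directory lookups through sdcardfs that the comment describes, so an unexpected directory read by zygote would no longer leave an avc record. The comment should state that the accesses remain denied and only the logging is suppressed, for example `# Access stays denied; this only silences the avc log for the sdcardfs case above.` It is also not clear from the hunk whether TODO(b/151316657) tracks the new read/open denials or only the original access() ones; saying which would make it easier to narrow or drop the rule later.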