Allow system_server_startup to read ART config

Denial:

06-03 14:18:31.491   691   691 I auditd  : type=1400 audit(0.0:88): avc:
denied { read } for comm="system_server"
name="u:object_r:device_config_runtime_native_prop:s0" dev="tmpfs"
ino=140 scontext=u:r:system_server_startup:s0
tcontext=u:object_r:device_config_runtime_native_prop:s0 tclass=file
permissive=0

Test: DeviceBootTest.DeviceBootTest#SELinuxUncheckedDenialBootTest
Bug: 181748174
Merged-In: I5e7624e2410e6c533e7ef238a0c3cc38ff6e368a
Change-Id: I5e7624e2410e6c533e7ef238a0c3cc38ff6e368a
(cherry picked from commit cf6a7e9821)
Calin Juravle 2021-06-03 08:16:22 -07:00
parent ff0dc89527
commit b662d65f19


@ -14,3 +14,7 @@ allow system_server_startup system_server:process dyntransition;
# Child of the zygote. # Child of the zygote.
allow system_server_startup zygote:process sigchld; allow system_server_startup zygote:process sigchld;
# Allow query ART device config properties
get_prop(system_server_startup, device_config_runtime_native_boot_prop)
get_prop(system_server_startup, device_config_runtime_native_prop)
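
Review bot: the added line get_prop(system_server_startup, device_config_runtime_native_boot_prop) grants access that the denial quoted in the commit message does not cover; the logged avc has tcontext device_config_runtime_native_prop only. Either add the matching denial for the boot property to the commit message or drop that line, so that system_server_startup is granted only the property reads it has been shown to need. The new comment would also read better as "Allow querying ART device config properties", and it could say which startup step reads them.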