From cf6a7e9821756548f5ae867214e8420a01401fa1 Mon Sep 17 00:00:00 2001 From: Calin Juravle Date: Thu, 3 Jun 2021 08:16:22 -0700 Subject: [PATCH] Allow system_server_startup to read ART config Denial: 06-03 14:18:31.491 691 691 I auditd : type=1400 audit(0.0:88): avc: denied { read } for comm="system_server" name="u:object_r:device_config_runtime_native_prop:s0" dev="tmpfs" ino=140 scontext=u:r:system_server_startup:s0 tcontext=u:object_r:device_config_runtime_native_prop:s0 tclass=file permissive=0 Test: DeviceBootTest.DeviceBootTest#SELinuxUncheckedDenialBootTest Bug: 181748174 Change-Id: I5e7624e2410e6c533e7ef238a0c3cc38ff6e368a
---
 private/system_server_startup.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/private/system_server_startup.te b/private/system_server_startup.te
index 902941ed4..330130473 100644
--- a/private/system_server_startup.te
+++ b/private/system_server_startup.te
@@ -14,3 +14,7 @@ allow system_server_startup system_server:process dyntransition;
 
 # Child of the zygote.
 allow system_server_startup zygote:process sigchld;
+
+# Allow query ART device config properties
+get_prop(system_server_startup, device_config_runtime_native_boot_prop)
+get_prop(system_server_startup, device_config_runtime_native_prop)
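Review bot: The denial quoted in the commit message covers only `device_config_runtime_native_prop`, yet the hunk also grants read access to `device_config_runtime_native_boot_prop`, for which no denial is shown. `system_server_startup` looks like a deliberately narrow domain (the hunk's context shows its `dyntransition` into `system_server`), so each grant should be traceable to an observed access. Please confirm that the boot-flag read really happens in this domain and drop the first `get_prop` line if it does not. If both are needed, the comment should record why, for example `# ART reads its runtime_native and runtime_native_boot device_config flags while still in this domain (b/181748174); read-only.` The timing in that wording is inferred from the denial's `scontext` and should be checked against the ART startup path.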