Allow zygote to scan static overlays on /oem

During preloading resources, zygote scans the overlay directories of
supported partitions looking for android RROs to apply statically. Zygote
currently is allowed to read overlays in /oem/overlay, but zygote does
not have the search permission to be able to scan /oem.

Without this patch, this denial is logged:
04-04 14:57:40.136   876   876 I auditd  : type=1400 audit(0.0:9):
avc: denied { search } for comm="main" name="oem" dev="dm-3" ino=46
scontext=u:r:zygote:s0 tcontext=u:object_r:oemfs:s0 tclass=dir
permissive=0

Bug: 121033532
Test: booting without denials and stat oem succeeds
Change-Id: I661f3e0aff7ec3513870d08ddc122fc359b8f995
This commit is contained in:
Ryan Mitchell 2019-04-16 16:00:32 -07:00
parent 3cba24a81a
commit ef1a64e231


@ -118,6 +118,9 @@ r_dir_file(zygote, rootfs)
# System file accesses.
r_dir_file(zygote, system_file)
# /oem accesses.
allow zygote oemfs:dir search;
userdebug_or_eng(`
# Allow zygote to create and write method traces in /data/misc/trace.
allow zygote method_trace_data_file:dir w_dir_perms;
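Review bot: the new `allow zygote oemfs:dir search;` rule at line 118 is the narrowest fix for the logged `{ search }` denial (the denial is on `tclass=dir` with `tcontext=u:object_r:oemfs:s0`), and keeping it outside the `userdebug_or_eng(` block that follows is right, since the static overlay scan also runs on user builds; one documentation point, though: the commit message says zygote can already read overlays under /oem/overlay, but that existing rule is not visible in this hunk, so the `# /oem accesses.` comment would be more useful if it said that `search` on the directory is needed to reach /oem/overlay and that the read rule for the overlay files lives elsewhere, so a later reader does not "fix" an apparent gap by broadening this to `r_dir_file(zygote, oemfs)`, which would grant read on every file in the partition rather than just directory traversal.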