tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Dontaudit denials caused by race with labeling.

Browse source 
These denials seem to be caused by a race with the process that labels
the files.  While we work on fixing them, hide the denials.

Bug: 68864350
Bug: 70180742
Test: Built policy.
Change-Id: I58a32e38e6384ca55e865e9575dcfe7c46b2ed3c
This commit is contained in:
Joel Galenson 2018-02-14 16:32:28 -08:00
parent 946b4b76f0
commit f7ec413844
5 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/bootanim.te
View file

@ -1,3 +1,6 @@
typeattribute bootanim coredomain; typeattribute bootanim coredomain;
init_daemon_domain(bootanim) init_daemon_domain(bootanim)
# b/68864350
dontaudit bootanim unlabeled:dir search;

4
private/bug_map
View file

@ -1,16 +1,12 @@
bootanim unlabeled dir 68864350
crash_dump app_data_file dir 68319037 crash_dump app_data_file dir 68319037
crash_dump bluetooth_data_file dir 68319037 crash_dump bluetooth_data_file dir 68319037
crash_dump resourcecache_data_file dir 68319037 crash_dump resourcecache_data_file dir 68319037
crash_dump system_data_file file 68319037 crash_dump system_data_file file 68319037
crash_dump vendor_overlay_file dir 68319037 crash_dump vendor_overlay_file dir 68319037
hal_fingerprint_default system_data_file dir 73068008 hal_fingerprint_default system_data_file dir 73068008
hal_graphics_allocator_default unlabeled dir 70180742
hal_graphics_composer_default unlabeled dir 68864350
priv_app sysfs dir 72749888 priv_app sysfs dir 72749888
priv_app sysfs_android_usb file 72749888 priv_app sysfs_android_usb file 72749888
priv_app system_data_file dir 72811052 priv_app system_data_file dir 72811052
surfaceflinger unlabeled dir 68864350
system_server crash_dump process 73128755 system_server crash_dump process 73128755
system_server vendor_framework_file dir 68826235 system_server vendor_framework_file dir 68826235
untrusted_app_25 system_data_file dir 72550646 untrusted_app_25 system_data_file dir 72550646

3
private/surfaceflinger.te
View file

@ -115,3 +115,6 @@ pdx_client(surfaceflinger, performance_client)
# Do not allow accessing SDcard files as unsafe ejection could # Do not allow accessing SDcard files as unsafe ejection could
# cause the kernel to kill the process. # cause the kernel to kill the process.
neverallow surfaceflinger sdcard_type:file rw_file_perms; neverallow surfaceflinger sdcard_type:file rw_file_perms;
# b/68864350
dontaudit surfaceflinger unlabeled:dir search;

3
vendor/hal_graphics_allocator_default.te vendored
View file

@ -3,3 +3,6 @@ hal_server_domain(hal_graphics_allocator_default, hal_graphics_allocator)
type hal_graphics_allocator_default_exec, exec_type, vendor_file_type, file_type; type hal_graphics_allocator_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_graphics_allocator_default) init_daemon_domain(hal_graphics_allocator_default)
# b/70180742
dontaudit hal_graphics_allocator_default unlabeled:dir search;

3
vendor/hal_graphics_composer_default.te vendored
View file

@ -3,3 +3,6 @@ hal_server_domain(hal_graphics_composer_default, hal_graphics_composer)
type hal_graphics_composer_default_exec, exec_type, vendor_file_type, file_type; type hal_graphics_composer_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_graphics_composer_default) init_daemon_domain(hal_graphics_composer_default)
# b/68864350
dontaudit hal_graphics_composer_default unlabeled:dir search;