e477c781d4
We often see the following denials:
avc: denied { sys_rawio } for comm="update_engine" capability=17 scontext=u:r:update_engine:s0 tcontext=u:r:update_engine:s0 tclass=capability permissive=0
avc: denied { sys_rawio } for comm="boot@1.0-servic" capability=17 scontext=u:r:hal_bootctl_default:s0 tcontext=u:r:hal_bootctl_default:s0 tclass=capability permissive=0
These are benign, so we are hiding them.
Bug: 37778617
Test: Boot device.
Change-Id: Iac196653933d79aa9cdeef7670076f0efc97b44a
(cherry picked from commit bf4afae140)
8 lines
335 B
Text
8 lines
335 B
Text
# HwBinder IPC from client to server, and callbacks
|
|
binder_call(hal_bootctl_client, hal_bootctl_server)
|
|
binder_call(hal_bootctl_server, hal_bootctl_client)
|
|
|
|
add_hwservice(hal_bootctl_server, hal_bootctl_hwservice)
|
|
allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find;
|
|
|
|
dontaudit hal_bootctl self:capability sys_rawio;
|