3aaead5256
I just found it's reported in some bugreports when logging errors from
linkerconfig.
avc: denied { ioctl } for pid=314 comm="linkerconfig"
path="/dev/pts/0" dev="devpts" ino=3 ioctlcmd=0x5401
scontext=u:r:linkerconfig:s0 tcontext=u:object_r:devpts:s0
tclass=chr_file permissive=1
Bug: 276386338
Test: m && boot
Change-Id: I57c9cc655e610dc81a95bc8578a6649c52798c93
27 lines
1 KiB
Text
27 lines
1 KiB
Text
type linkerconfig, domain, coredomain;
|
|
type linkerconfig_exec, exec_type, file_type, system_file_type;
|
|
|
|
init_daemon_domain(linkerconfig)
|
|
|
|
## Read and write linkerconfig subdirectory.
|
|
allow linkerconfig linkerconfig_file:dir create_dir_perms;
|
|
allow linkerconfig linkerconfig_file:file create_file_perms;
|
|
|
|
# Allow linkerconfig to log to the kernel.
|
|
allow linkerconfig kmsg_device:chr_file w_file_perms;
|
|
|
|
# Allow linkerconfig to be invoked with logwrapper from init.
|
|
allow linkerconfig devpts:chr_file { getattr ioctl read write };
|
|
|
|
# Allow linkerconfig to scan for apex modules
|
|
allow linkerconfig apex_mnt_dir:dir r_dir_perms;
|
|
|
|
# Allow linkerconfig to read apex-info-list.xml
|
|
allow linkerconfig apex_info_file:file r_file_perms;
|
|
|
|
# Allow linkerconfig to be called in the otapreopt_chroot
|
|
allow linkerconfig otapreopt_chroot:fd use;
|
|
allow linkerconfig postinstall_apex_mnt_dir:dir r_dir_perms;
|
|
allow linkerconfig postinstall_apex_mnt_dir:file r_file_perms;
|
|
|
|
neverallow { domain -init -linkerconfig -otapreopt_chroot } linkerconfig_exec:file no_x_file_perms;
|