msm8974-common: sepolicy: Resolve init denials

* avc: denied { write } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file permissive=1
* avc: denied { open } for name="enable_adaptive_lmk" dev="sysfs"
  ino=6724 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file
  permissive=1
* avc: denied { setattr } for name="firmware_path" dev="sysfs"
  ino=6423 scontext=u:r:init:s0
  tcontext=u:object_r:sysfs_wifi_writeable:s0 tclass=file
  permissive=1
* avc: denied { write } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { open } for name="l2" dev="sysfs" ino=29063
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_msm_power:s0
  tclass=file permissive=1
* avc: denied { write } for name="enabled" dev="sysfs" ino=29716
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_thermal:s0
  tclass=file permissive=1
* avc: denied { write } for name="online" dev="sysfs" ino=5871
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0
  tclass=file permissive=1
* avc: denied { write } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { open } for name="boost_ms" dev="sysfs" ino=6652
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_cpu_boost:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="min_pwrlevel" dev="sysfs"
  ino=19546 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_kgsl:s0
  tclass=file permissive=0
* avc: denied { setattr } for name="enabled" dev="sysfs" ino=23417
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_hal_pwr:s0
  tclass=file permissive=1
* avc: denied { setattr } for name="rear_camfw" dev="sysfs" ino=24404
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs_camera:s0
  tclass=file permissive=1
* avc: denied { check_context } for scontext=u:r:init:s0
  tcontext=u:object_r:kernel:s0 tclass=security permissive=0

Change-Id: Id7f78abedea2209f84527b1b83259574d06a0900
Kevin F. Haggerty 2018-10-21 09:00:54 -06:00
parent 7fb5a8c6cb
commit 7e3f9a566d
No known key found for this signature in database
GPG Key ID: 6D95512933112729


@ -1,3 +1,9 @@
# This really is necessary for init.qcom.rc to manually restorecon the
# /data/data/com.android.providers.telephony/(databases|shared_prefs)
# symlinks. Without the manual restorecon, we would have to allow rild
# to read any system_data_file:lnk_file.
selinux_check_context(init)
allow init {
sysfs_iio
sysfs_sec_tsp
@ -9,11 +15,15 @@ allow init sysfs_input:file rw_file_perms;
allow init sysfs_graphics:file r_file_perms;
allow init {
sysfs_audio
sysfs_batteryinfo
sysfs_bluetooth_writable
sysfs_camera
sysfs_graphics
sysfs_hal_pwr
sysfs_iio
sysfs_input
sysfs_kgsl
sysfs_leds
sysfs_mdnie
sysfs_msmuart_file
@ -31,10 +41,16 @@ allow init {
sysfs_socinfo
sysfs_usb_otg
sysfs_usb_storage_gadget
sysfs_wifi_writeable
}:file setattr;
allow init {
sysfs_cpu_boost
sysfs_devices_system_cpu
sysfs_lowmemorykiller
sysfs_mmc_host
sysfs_msm_perf
sysfs_msm_power
sysfs_sec_key
sysfs_thermal
}:file w_file_perms;
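Review bot: The final `allow init { … }:file w_file_perms;` block gives init write access to every file labelled `sysfs_devices_system_cpu`, `sysfs_thermal`, `sysfs_msm_power`, `sysfs_cpu_boost` and `sysfs_lowmemorykiller`, whereas each denial quoted in the commit message names a single node (`online`, `enabled`, `l2`, `boost_ms`, `enable_adaptive_lmk`). If any of these types covers a whole sysfs subtree on this device (the labelling is not visible here), a narrower type for just the nodes init writes would keep the grant closer to least privilege. Most of the quoted denials were logged with `permissive=1`, so it would help to state in the description that the rules were re-tested on an enforcing boot. The added comment documents only `selinux_check_context(init)`; the two type lists would benefit from a similar line, for example `# init writes cpu online, boost_ms, enable_adaptive_lmk, l2 and thermal enabled` above the `w_file_perms` block, assuming those writes come from the device's init rc scripts. The `setattr` list starts in the second hunk and parts of it fall outside the lines shown.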