Allow non-ramdump perms on user build

Addresses: Abort message: 'jni_internal.cc:508] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:640: selinux_android_setcontext failed' avc: denied { open } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file avc: denied { read } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file avc: denied { getattr } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file avc: denied { search } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir Bug: 34784662 Test: build and boot user-build Change-Id: I3e879222038b6b2742c6d8c8e4f3a15dcf4f43dc
2026-02-01 07:50:47 +00:00 · 2017-05-05 14:14:38 -07:00
parent 1e8cf131ad
commit 15df5d8ddf
1 changed files with 9 additions and 8 deletions
--- a/sepolicy/ssr_detector.te
+++ b/sepolicy/ssr_detector.te
@@ -1,16 +1,17 @@
 # SSRestartDetector app
 type ssr_detector_app, domain;

-userdebug_or_eng(`
-  app_domain(ssr_detector_app)
+app_domain(ssr_detector_app)

+userdebug_or_eng(`
  allow ssr_detector_app ramdump_vendor_data_file:dir r_dir_perms;
  allow ssr_detector_app ramdump_vendor_data_file:file r_file_perms;
  get_prop(ssr_detector_app, ssr_prop)
-
-  allow ssr_detector_app { app_api_service }:service_manager find;
-
-  # Read and write /data/data subdirectory.
-  allow ssr_detector_app system_app_data_file:dir create_dir_perms;
-  allow ssr_detector_app system_app_data_file:{ file lnk_file } create_file_perms;
 ')
+  allow ssr_detector_app app_api_service:service_manager find;
+
+# ssr_detector app's data type is system_app_data_file.
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+r_dir_file(ssr_detector_app, sysfs_msm_subsys)