From 15df5d8ddf9ab382f6c2b64e2dd634fd9f51d2f3 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Fri, 5 May 2017 14:14:38 -0700
Subject: [PATCH] Allow non-ramdump perms on user build
Addresses: Abort message: 'jni_internal.cc:508] JNI FatalError called: frameworks/base/core/jni/com_android_internal_os_Zygote.cpp:640: selinux_android_setcontext failed'
avc: denied { open } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
avc: denied { read } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
avc: denied { getattr } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
avc: denied { search } scontext=u:r:ssr_detector_app:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
Bug: 34784662
Test: build and boot user-build
Change-Id: I3e879222038b6b2742c6d8c8e4f3a15dcf4f43dc
---
 sepolicy/ssr_detector.te | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/sepolicy/ssr_detector.te b/sepolicy/ssr_detector.te
index b586b9d1..01e976db 100644
--- a/sepolicy/ssr_detector.te
+++ b/sepolicy/ssr_detector.te
@@ -1,16 +1,17 @@
 # SSRestartDetector app
 type ssr_detector_app, domain;
-userdebug_or_eng(`
- app_domain(ssr_detector_app)
+app_domain(ssr_detector_app)
+userdebug_or_eng(`
 allow ssr_detector_app ramdump_vendor_data_file:dir r_dir_perms;
 allow ssr_detector_app ramdump_vendor_data_file:file r_file_perms;
 get_prop(ssr_detector_app, ssr_prop)
-
- allow ssr_detector_app { app_api_service }:service_manager find;
-
- # Read and write /data/data subdirectory.
- allow ssr_detector_app system_app_data_file:dir create_dir_perms;
- allow ssr_detector_app system_app_data_file:{ file lnk_file } create_file_perms;
 ')
+ allow ssr_detector_app app_api_service:service_manager find;
+
+# ssr_detector app's data type is system_app_data_file.
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+r_dir_file(ssr_detector_app, sysfs_msm_subsys)
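Review bot: The rules that now sit after the closing `')` apply on user builds, but the commit message only gives evidence for two of them: the zygote `selinux_android_setcontext` failure (covered by moving `app_domain(ssr_detector_app)` out) and the `sysfs_msm_subsys` denials (covered by `r_dir_file(ssr_detector_app, sysfs_msm_subsys)`). The `app_api_service:service_manager find` rule and the `create_dir_perms`/`create_file_perms` grants on `system_app_data_file` have no matching denial quoted, and the latter gives this domain write access to files carrying a label that is presumably shared with other system apps' data. If the app cannot start on user builds without them, I would say so next to the rules, e.g. `# Required on user builds too: the app's data dir is labeled system_app_data_file.`; if they are not needed there, keep them inside the `userdebug_or_eng` block so the user-build policy stays limited to what the denials show.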