device_google_wahoo/sepolicy/ims.te
Max Bires f6b582c420 Adding ism service allow rules and according ioctl_define
Adding rules for the following denials:
denied { read } for pid=913 comm="imsdatadaemon" scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket

denied { read } for pid=1106 comm="imsdatadaemon" scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=netlink_generic_socket

denied { write } for pid=1107 comm="imsdatadaemon"
name="netmgr_connect_socket" dev="tmpfs" ino=29853 scontext=u:r:ims:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=sock_file

denied { net_raw } for pid=913 comm="imsdatadaemon" capability=13
scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=capability

denied { bind } for pid=913 comm="imsdatadaemon" scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket

denied { bind } for pid=913 comm="imsdatadaemon" scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=netlink_generic_socket

denied { create } for pid=913 comm="imsdatadaemon" scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=netlink_generic_socket

denied { write } for pid=913 comm="imsdatadaemon" scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket

denied { create } for pid=913 comm="imsdatadaemon" scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket

denied { ioctl } for pid=913 comm="imsdatadaemon" path="socket:[25647]"
dev="sockfs" ino=25647 ioctlcmd=c302 scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket

denied { read } for pid=808 comm="imsqmidaemon" name="subsys0"
dev="sysfs" ino=33422 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file

denied { read } for pid=808 comm="imsqmidaemon" name="name" dev="sysfs"
ino=33416 scontext=u:r:ims:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=file

denied { open } for pid=808 comm="imsqmidaemon"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=33416 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { open } for pid=808 comm="imsqmidaemon"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16322
scontext=u:r:ims:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { read } for pid=808 comm="imsqmidaemon" name="devices"
dev="sysfs" ino=16322 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { search } for pid=808 comm="imsqmidaemon" name="msm_subsys"
dev="sysfs" ino=16320 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { ioctl } for pid=913 comm="imsdatadaemon" path="socket:[19931]"
dev="sockfs" ino=19931 ioctlcmd=89fd scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=udp_socket

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I84c4c7d75d8d6f3427d8293ef072ec5c3c2392f7
2017-03-16 22:10:52 +00:00


# Domain for the IMS daemons (imsdatadaemon / imsqmidaemon in the denials)
# and the file type of their executable.
type ims, domain;
type ims_exec, exec_type, file_type;
# Standard init-launched daemon setup and baseline network access.
init_daemon_domain(ims)
net_domain(ims)
# Generic `socket` class: covers the create/bind/read/write denials on
# tclass=socket. create_socket_perms includes ioctl; the permitted ioctl
# commands are narrowed by the allowxperm rule below.
allow ims self:socket create_socket_perms;
# netlink_generic_socket: create/bind/read were denied, no ioctl denial was
# observed, so the no_ioctl variant is used.
allow ims self:netlink_generic_socket create_socket_perms_no_ioctl;
# Denied { write } on netmgr_connect_socket (tcontext netmgrd_socket).
# NOTE(review): w_file_perms is wider than the single `write` that was
# denied; confirm the extra perms are actually needed.
allow ims netmgrd_socket:sock_file w_file_perms;
# ioctl allow-list for the generic socket (denial showed ioctlcmd=c302);
# the IPC_ROUTER_IOCTL_LOOKUP_SERVER define is expected in the
# accompanying ioctl_defines change, not in this file.
allowxperm ims self:socket ioctl IPC_ROUTER_IOCTL_LOOKUP_SERVER;
# ioctl allow-list for udp_socket (denial showed ioctlcmd=89fd).
allowxperm ims self:udp_socket ioctl RMNET_IOCTL_EXTENDED;
# Read access to /sys/bus/msm_subsys/... (dir search/read/open, file and
# lnk_file read/open denials for imsqmidaemon).
r_dir_file(ims, sysfs_msm_subsys);
# NOTE(review): the listed { net_raw } capability denial has no matching
# allow rule here; confirm it is intentionally not granted or lives elsewhere.
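Review bot: The `{ net_raw }` capability denial quoted in the description (pid=913, capability=13) has no corresponding rule in this file, so either that denial will still appear or the grant was made elsewhere; if it was deliberately left out as a least-privilege decision, a one-line comment saying so would stop the next maintainer from "fixing" it. The netmgrd_socket rule also grants `w_file_perms` although only `write` on the sock_file was denied; for a connect() to a unix socket `allow ims netmgrd_socket:sock_file write;` is normally sufficient, so consider narrowing unless the wider set is known to be needed. Finally, the two allowxperm rules depend on `IPC_ROUTER_IOCTL_LOOKUP_SERVER` and `RMNET_IOCTL_EXTENDED` being defined in the ioctl_defines change this commit mentions; a short comment tying them to the observed ioctlcmd values c302 and 89fd would make the allow-list auditable without the commit message.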