mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 07:50:47 +00:00
0ef2f5d6b6
Addressing the following selinux denials:
denied { relabelto } for pid=1 comm="init" name="sda20" dev="tmpfs"
ino=20728 scontext=u:r:init:s0 tcontext=u:object_r:sda_block_device:s0
tclass=blk_file
denied { read } for pid=5417 comm="android.hardwar" name="caps"
dev="sysfs" ino=31785 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_mdss_mdp_caps:s0 tclass=file
denied { search } for pid=579 comm="ueventd" name="firmware"
dev="sda22" ino=25 scontext=u:r:ueventd:s0
tcontext=u:object_r:firmware_file:s0 tclass=dir
denied { create } for pid=669 comm="ramdump" name="RAMDUMP_STATUS"
scontext=u:r:ramdump:s0 tcontext=u:object_r:ramdump_data_file:s0
tclass=file
denied { setattr } for pid=669 comm="ramdump" name="RAMDUMP_STATUS"
dev="sda45" ino=1114114 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=file
denied { read write } for pid=669 comm="ramdump" name="sdd1" dev="tmpfs"
ino=20938 scontext=u:r:ramdump:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file
denied { open } for pid=669 comm="ramdump" path="/dev/block/sdd1"
dev="tmpfs" ino=20938 scontext=u:r:ramdump:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file
denied { getattr } for pid=669 comm="ramdump" path="/dev/block/sdd1"
dev="tmpfs" ino=20938 scontext=u:r:ramdump:s0
tcontext=u:object_r:sdd_block_device:s0 tclass=blk_file
denied { write } for pid=669 comm="ramdump" name="property_service"
dev="tmpfs" ino=19539 scontext=u:r:ramdump:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file
denied { connectto } for pid=669 comm="ramdump"
path="/dev/socket/property_service" scontext=u:r:ramdump:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket
denied { set } for property=debug.htc.hrdump pid=669 uid=0 gid=0
scontext=u:r:ramdump:s0 tcontext=u:object_r:debug_prop:s0
tclass=property_service
denied { net_bind_service } for pid=691 comm="tftp_server" capability=10
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { open } for pid=690 comm="rmt_storage"
path="/sys/devices/soc/a1800000.qcom,rmtfs_rtel_sharedmem/uio/uio1/name"
dev="sysfs" ino=40788 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=691 comm="pm-service" name="name" dev="sysfs"
ino=32454 scontext=u:r:per_mgr:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { read } for pid=692 comm="sensors.qcom" name="name" dev="sysfs"
ino=48306 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { open } for pid=692 comm="sensors.qcom"
path="/sys/devices/soc/17300000.qcom,lpass/subsys4/name" dev="sysfs"
ino=48306 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file
denied { open } for pid=691 comm="pm-service"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:per_mgr:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { ioctl } for pid=694 comm="rmt_storage" path="socket:[24703]"
dev="sockfs" ino=24703 ioctlcmd=c304 scontext=u:r:rmt_storage:s0
tcontext=u:r:rmt_storage:s0 tclass=socket
denied { search } for pid=696 comm="pd-mapper" name="msm_subsys"
dev="sysfs" ino=16813 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=696 comm="pd-mapper" name="devices" dev="sysfs"
ino=16815 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { open } for pid=696 comm="pd-mapper"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16815
scontext=u:r:pd_mapper:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { read } for pid=696 comm="pd-mapper" name="subsys0" dev="sysfs"
ino=32462 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file
denied { read } for pid=696 comm="pd-mapper" name="name" dev="sysfs"
ino=32454 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=696 comm="pd-mapper"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { setpcap } for pid=696 comm="pd-mapper" capability=8
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { setgid } for pid=696 comm="pd-mapper" capability=6
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { setuid } for pid=696 comm="pd-mapper" capability=7
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { read } for pid=731 comm="pd-mapper" name="image" dev="sda7"
ino=3 scontext=u:r:pd_mapper:s0 tcontext=u:object_r:firmware_file:s0
tclass=dir
denied { open } for pid=731 comm="pd-mapper" path="/firmware/image"
dev="sda7" ino=3 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:firmware_file:s0 tclass=dir
denied { read } for pid=731 comm="pd-mapper" name="modemr.jsn"
dev="sda7" ino=37 scontext=u:r:pd_mapper:s0
tcontext=u:object_r:firmware_file:s0 tclass=file
denied { open } for pid=731 comm="pd-mapper"
path="/firmware/image/modemr.jsn" dev="sda7" ino=37
scontext=u:r:pd_mapper:s0 tcontext=u:object_r:firmware_file:s0
tclass=file
denied { open } for pid=831 comm="update_verifier"
path="/dev/block/platform/soc/1da4000.ufshc/by-name" dev="tmpfs"
ino=20506 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=dir
denied { read } for pid=831 comm="update_verifier" name="by-name"
dev="tmpfs" ino=20506 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=dir
denied { getattr } for pid=831 comm="update_verifier"
path="/dev/block/sda9" dev="tmpfs" ino=20550
scontext=u:r:update_verifier:s0 tcontext=u:object_r:sda_block_device:s0
tclass=blk_file
denied { read write } for pid=831 comm="update_verifier" name="sda"
dev="tmpfs" ino=20516 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file
denied { open } for pid=831 comm="update_verifier" path="/dev/block/sda"
dev="tmpfs" ino=20516 scontext=u:r:update_verifier:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file
denied { read } for pid=827 comm="android.hardwar" name="caps"
dev="sysfs" ino=31785 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { open } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/caps" dev="sysfs" ino=31785
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { getattr } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/caps" dev="sysfs" ino=31785
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { search } for pid=827 comm="android.hardwar"
name="8c0000.qcom,msm-cam" dev="sysfs" ino=20221
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=dir
denied { read } for pid=827 comm="android.hardwar" name="name"
dev="sysfs" ino=41516 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file
denied { open } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/8c0000.qcom,msm-cam/video4linux/video0/name"
dev="sysfs" ino=41516 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file
denied { getattr } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/8c0000.qcom,msm-cam/video4linux/video0/name"
dev="sysfs" ino=41516 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_camera:s0 tclass=file
denied { search } for pid=827 comm="android.hardwar" name="leds"
dev="sysfs" ino=27651 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=dir
denied { read } for pid=827 comm="android.hardwar" name="lcd-backlight"
dev="sysfs" ino=32041 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file
denied { read } for pid=827 comm="android.hardwar" name="max_brightness"
dev="sysfs" ino=32043 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { open } for pid=827 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/max_brightness"
dev="sysfs" ino=32043 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { getattr } for pid=869 comm="init.radio.sh"
path="/system/bin/sh" dev="sda22" ino=466 scontext=u:r:init_radio:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { read } for pid=869 comm="init.radio.sh" path="/system/bin/sh"
dev="sda22" ino=466 scontext=u:r:init_radio:s0
tcontext=u:object_r:shell_exec:s0 tclass=file
denied { read } for pid=878 comm="android.hardwar" name="modalias"
dev="sysfs" ino=19754 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=878 comm="android.hardwar"
path="/sys/devices/soc/1d0101c.qcom,spss/modalias" dev="sysfs" ino=19754
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { write } for pid=678 comm="ramdump" name="ramdump" dev="sda45"
ino=1114113 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=dir
denied { search } for pid=702 comm="rmt_storage" name="rmt_storage"
dev="debugfs" ino=9892 scontext=u:r:rmt_storage:s0
tcontext=u:object_r:debugfs_rmt_storage:s0 tclass=dir
denied { setgid } for pid=703 comm="tftp_server" capability=6
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { setuid } for pid=703 comm="tftp_server" capability=7
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability
denied { append } for pid=703 comm="tftp_server" name="wake_lock"
dev="sysfs" ino=16525 scontext=u:r:rfs_access:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file
denied { open } for pid=703 comm="tftp_server"
path="/sys/power/wake_lock" dev="sysfs" ino=16525
scontext=u:r:rfs_access:s0 tcontext=u:object_r:sysfs_wake_lock:s0
tclass=file
denied { open } for pid=700 comm="sensors.qcom"
path="/sys/devices/soc/4080000.qcom,mss/subsys6/name" dev="sysfs"
ino=48392 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
denied { create } for pid=700 comm="sensors.qcom"
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=socket
denied { ioctl } for pid=700 comm="sensors.qcom" path="socket:[21942]"
dev="sockfs" ino=21942 ioctlcmd=c304 scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket
denied { create } for pid=724 comm="pd-mapper" scontext=u:r:pd_mapper:s0
tcontext=u:r:pd_mapper:s0 tclass=socket
denied { ioctl } for pid=724 comm="pd-mapper" path="socket:[11465]"
dev="sockfs" ino=11465 ioctlcmd=c304 scontext=u:r:pd_mapper:s0
tcontext=u:r:pd_mapper:s0 tclass=socket
denied { net_bind_service } for pid=724 comm="pd-mapper" capability=10
scontext=u:r:pd_mapper:s0 tcontext=u:r:pd_mapper:s0 tclass=capability
denied { create } for pid=1 comm="init" name="b.1" scontext=u:r:init:s0
tcontext=u:object_r:configfs:s0 tclass=lnk_file
denied { write } for pid=673 comm="ramdump" name="ramdump" dev="sda45"
ino=1114113 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=dir
denied { search } for pid=701 comm="rmt_storage"
name="0.qcom,rmtfs_sharedmem" dev="sysfs" ino=18392
scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=dir
denied { read } for pid=702 comm="tftp_server" name="rfs" dev="sdd3"
ino=17 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { open } for pid=702 comm="tftp_server" path="/persist/rfs"
dev="sdd3" ino=17 scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir
denied { search } for pid=714 comm="sensors.qcom" name="sensors"
dev="sdd3" ino=12 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { getattr } for pid=714 comm="sensors.qcom" path="/persist"
dev="sdd3" ino=2 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_file:s0 tclass=dir
denied { read } for pid=714 comm="sensors.qcom" name="sensors"
dev="sdd3" ino=12 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { open } for pid=714 comm="sensors.qcom" path="/persist/sensors"
dev="sdd3" ino=12 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir
denied { read } for pid=714 comm="sensors.qcom" name="sensors"
dev="sda20" ino=186 scontext=u:r:sensors:s0
tcontext=u:object_r:system_file:s0 tclass=dir
denied { open } for pid=714 comm="sensors.qcom"
path="/vendor/etc/sensors" dev="sda20" ino=186 scontext=u:r:sensors:s0
tcontext=u:object_r:system_file:s0 tclass=dir
denied { read } for pid=699 comm="sensors.qcom" name="sensors"
dev="tmpfs" ino=22609 scontext=u:r:sensors:s0
tcontext=u:object_r:sensors_device:s0 tclass=chr_file
denied { open } for pid=699 comm="sensors.qcom" path="/dev/sensors"
dev="tmpfs" ino=22609 scontext=u:r:sensors:s0
tcontext=u:object_r:sensors_device:s0 tclass=chr_file
denied { ioctl } for pid=699 comm="sensors.qcom" path="socket:[18642]"
dev="sockfs" ino=18642 ioctlcmd=c302 scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket
denied { setgid } for pid=699 comm="sensors.qcom" capability=6
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability
denied { setuid } for pid=699 comm="sensors.qcom" capability=7
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability
denied { open } for pid=778 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_rotator/video4linux/video3/name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { read } for pid=778 comm="android.hardwar" name="name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { open } for pid=778 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_rotator/video4linux/video3/name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { getattr } for pid=778 comm="android.hardwar"
path="/sys/devices/soc/c900000.qcom,mdss_rotator/video4linux/video3/name"
dev="sysfs" ino=42413 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { create } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { setopt } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { bind } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { getattr } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_generic_socket
denied { search } for pid=705 comm="servicemanager" name="834"
dev="proc" ino=24031 scontext=u:r:servicemanager:s0
tcontext=u:r:wcnss_service:s0 tclass=dir
denied { read } for pid=705 comm="servicemanager" name="current"
dev="proc" ino=25351 scontext=u:r:servicemanager:s0
tcontext=u:r:wcnss_service:s0 tclass=file
denied { open } for pid=705 comm="servicemanager"
path="/proc/834/attr/current" dev="proc" ino=25351
scontext=u:r:servicemanager:s0 tcontext=u:r:wcnss_service:s0 tclass=file
denied { getattr } for pid=705 comm="servicemanager"
scontext=u:r:servicemanager:s0 tcontext=u:r:wcnss_service:s0
tclass=process
denied { call } for pid=834 comm="cnss-daemon"
scontext=u:r:wcnss_service:s0 tcontext=u:r:per_mgr:s0 tclass=binder
denied { ioctl } for pid=925 comm="cnss-daemon" path="socket:[23136]"
dev="sockfs" ino=23136 ioctlcmd=c304 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=socket
denied { search } for pid=925 comm="cnss-daemon" name="soc0" dev="sysfs"
ino=49100 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir
denied { read } for pid=925 comm="cnss-daemon" name="soc_id" dev="sysfs"
ino=49104 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { open } for pid=925 comm="cnss-daemon"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=49104
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { search } for pid=840 comm="android.hardwar"
name="1d0101c.qcom,spss" dev="sysfs" ino=19751
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { search } for pid=844 comm="imsdatadaemon" name="soc0"
dev="sysfs" ino=49100 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=dir
denied { read } for pid=844 comm="imsdatadaemon" name="soc_id"
dev="sysfs" ino=49104 scontext=u:r:ims:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file
denied { write } for pid=840 comm="android.hardwar" name="uinput"
dev="tmpfs" ino=20491 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file
denied { open } for pid=840 comm="android.hardwar" path="/dev/uinput"
dev="tmpfs" ino=20491 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file
denied { call } for pid=840 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder
denied { transfer } for pid=840 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder
denied { search } for pid=705 comm="servicemanager" name="840"
dev="proc" ino=24009 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=dir
denied { read } for pid=705 comm="servicemanager" name="current"
dev="proc" ino=24339 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=file
denied { open } for pid=705 comm="servicemanager"
path="/proc/840/attr/current" dev="proc" ino=24339
scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_default:s0
tclass=file
denied { write } for pid=1 comm="init" name="ipa" dev="tmpfs" ino=23659
scontext=u:r:init:s0 tcontext=u:object_r:ipa_dev:s0 tclass=chr_file
denied { ioctl } for pid=844 comm="imsdatadaemon" path="socket:[24380]"
dev="sockfs" ino=24380 ioctlcmd=c304 scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket
denied { read } for pid=6117 comm="android.hardwar"
name="msm_fb_panel_info" dev="sysfs" ino=32082
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { search } for pid=6117 comm="android.hardwar"
name="c900000.qcom,mdss_rotator" dev="sysfs" ino=22026
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { write } for pid=5870 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=netlink_socket
denied { create } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0
tclass=netlink_generic_socket
denied { bind } for pid=1116 comm="lowi-server" scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=netlink_socket
denied { setopt } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=netlink_socket
denied { create } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0 tclass=netlink_socket
denied { create } for pid=1116 comm="lowi-server"
scontext=u:r:location:s0 tcontext=u:r:location:s0
tclass=netlink_generic_socket
denied { read } for pid=785 comm="adsprpcd" name="ion" dev="tmpfs"
ino=19881 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:ion_device:s0
tclass=chr_file
denied { open } for pid=785 comm="adsprpcd" path="/dev/ion" dev="tmpfs"
ino=19881 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:ion_device:s0
tclass=chr_file
denied { read } for pid=785 comm="adsprpcd" name="adsprpc-smd"
dev="tmpfs" ino=19979 scontext=u:r:adsprpcd:s0
tcontext=u:object_r:qdsp_device:s0 tclass=chr_file
denied { open } for pid=785 comm="adsprpcd" path="/dev/adsprpc-smd"
dev="tmpfs" ino=19979 scontext=u:r:adsprpcd:s0
tcontext=u:object_r:qdsp_device:s0 tclass=chr_file
denied { create } for pid=786 comm="cnss_diag"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_socket
denied { bind } for pid=786 comm="cnss_diag"
scontext=u:r:wcnss_service:s0 tcontext=u:r:wcnss_service:s0
tclass=netlink_socket
denied { search } for pid=786 comm="cnss_diag" name="wifi" dev="sda45"
ino=638991 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:wifi_data_file:s0 tclass=dir
denied { write } for pid=786 comm="cnss_diag" name="wifi" dev="sda45"
ino=638991 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:wifi_data_file:s0 tclass=dir
denied { add_name } for pid=786 comm="cnss_diag" name="cnss_diag.conf"
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:wifi_data_file:s0
tclass=dir
denied { create } for pid=786 comm="cnss_diag" name="cnss_diag.conf"
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:wifi_data_file:s0
tclass=file
denied { search } for pid=809 comm="cnss-daemon" name="msm_subsys"
dev="sysfs" ino=16813 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=809 comm="cnss-daemon" name="devices"
dev="sysfs" ino=16815 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { write } for pid=1069 comm="tftp_server" name="mpss" dev="sdd3"
ino=20 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { add_name } for pid=1069 comm="tftp_server"
name="server_check.txt.rfs_tmp" scontext=u:r:rfs_access:s0
tcontext=u:object_r:persist_file:s0 tclass=dir
denied { remove_name } for pid=1069 comm="tftp_server"
name="server_check.txt.rfs_tmp" dev="sdd3" ino=31
scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { ioctl } for pid=788 comm="cnd" path="socket:[24072]"
dev="sockfs" ino=24072 ioctlcmd=c302 scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket
denied { create } for pid=788 comm="cnd" scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket
denied { write } for pid=831 comm="imsqmidaemon" name="property_service"
dev="tmpfs" ino=20215 scontext=u:r:ims:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file
denied { connectto } for pid=831 comm="imsqmidaemon"
path="/dev/socket/property_service" scontext=u:r:ims:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket
denied { set } for property=sys.ims.QMI_DAEMON_STATUS pid=831 uid=1000
gid=1001 scontext=u:r:ims:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service
denied { read } for pid=829 comm="adsprpcd" name="dsp" dev="sda20"
ino=360 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:system_file:s0
tclass=dir
denied { search } for pid=834 comm="qti" name="msm_subsys" dev="sysfs"
ino=16813 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { read } for pid=834 comm="qti" name="devices" dev="sysfs"
ino=16815 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { open } for pid=834 comm="qti"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16815
scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=834 comm="qti" name="name" dev="sysfs" ino=32454
scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=834 comm="qti"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:qti:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { read } for pid=834 comm="qti" name="subsys6" dev="sysfs"
ino=48400 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=lnk_file
denied { search } for pid=834 comm="qti" name="soc0" dev="sysfs"
ino=49100 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir
denied { read } for pid=834 comm="qti" name="soc_id" dev="sysfs"
ino=49104 scontext=u:r:qti:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { read } for pid=850 comm="adsprpcd" name="dsp" dev="sda20"
ino=360 scontext=u:r:adsprpcd:s0 tcontext=u:object_r:system_file:s0
tclass=dir
denied { read write } for pid=856 comm="qti" name="rmnet_ctrl"
dev="tmpfs" ino=20972 scontext=u:r:qti:s0
tcontext=u:object_r:rmnet_device:s0 tclass=chr_file
denied { open } for pid=856 comm="qti" path="/dev/rmnet_ctrl"
dev="tmpfs" ino=20972 scontext=u:r:qti:s0
tcontext=u:object_r:rmnet_device:s0 tclass=chr_file
denied { read } for pid=871 comm="cnss-daemon" name="subsys0"
dev="sysfs" ino=32462 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file
denied { read } for pid=871 comm="cnss-daemon" name="name" dev="sysfs"
ino=32454 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { open } for pid=871 comm="cnss-daemon"
path="/sys/devices/soc/soc:qcom,ipa_fws@1e08000/subsys0/name"
dev="sysfs" ino=32454 scontext=u:r:wcnss_service:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { search } for pid=854 comm="cnd" name="msm_subsys" dev="sysfs"
ino=16813 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { read } for pid=854 comm="cnd" name="devices" dev="sysfs"
ino=16815 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir
denied { open } for pid=854 comm="cnd"
path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16815
scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir
denied { read } for pid=854 comm="cnd" name="subsys0" dev="sysfs"
ino=32462 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=lnk_file
denied { read } for pid=854 comm="cnd" name="name" dev="sysfs" ino=32454
scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file
denied { search } for pid=799 comm="thermal-engine" name="soc0"
dev="sysfs" ino=49100 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=dir
denied { read } for pid=799 comm="thermal-engine" name="soc_id"
dev="sysfs" ino=49104 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_soc:s0 tclass=file
denied { open } for pid=799 comm="thermal-engine"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=49104
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { getattr } for pid=799 comm="thermal-engine"
path="/sys/devices/soc0/soc_id" dev="sysfs" ino=49104
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=file
denied { read write } for pid=799 comm="thermal-engine"
name="msm_thermal_query" dev="tmpfs" ino=20974
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:audio_device:s0
tclass=chr_file
denied { open } for pid=799 comm="thermal-engine"
path="/dev/msm_thermal_query" dev="tmpfs" ino=20974
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:audio_device:s0
tclass=chr_file
denied { read } for pid=799 comm="thermal-engine"
name="gpu_available_frequencies" dev="sysfs" ino=33232
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=file
denied { open } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/5000000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies"
dev="sysfs" ino=33232 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { getattr } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/5000000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies"
dev="sysfs" ino=33232 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs:s0 tclass=file
denied { search } for pid=799 comm="thermal-engine" name="leds"
dev="sysfs" ino=27651 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=dir
denied { read } for pid=799 comm="thermal-engine" name="lcd-backlight"
dev="sysfs" ino=32041 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file
denied { read } for pid=799 comm="thermal-engine" name="max_brightness"
dev="sysfs" ino=32043 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { open } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/max_brightness"
dev="sysfs" ino=32043 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { getattr } for pid=799 comm="thermal-engine"
path="/sys/devices/soc/c900000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/max_brightness"
dev="sysfs" ino=32043 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_leds:s0 tclass=file
denied { read write } for pid=804 comm="thermal-engine"
name="system_temp_level" dev="sysfs" ino=48764
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=file
denied { setuid } for pid=808 comm="cnd" capability=7
scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability
denied { read } for pid=809 comm="netmgrd" name="subsys0" dev="sysfs"
ino=32462 scontext=u:r:netmgrd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file
denied { setgid } for pid=809 comm="netmgrd" capability=6
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability
denied { setgid } for pid=808 comm="cnd" capability=6
scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability
denied { setpcap } for pid=809 comm="netmgrd" capability=8
scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability
denied { search } for pid=809 comm="netmgrd" name="netmgr" dev="sda45"
ino=639036 scontext=u:r:netmgrd:s0
tcontext=u:object_r:netmgr_data_file:s0 tclass=dir
denied { write } for pid=809 comm="netmgrd" name="netmgr" dev="sda45"
ino=639036 scontext=u:r:netmgrd:s0
tcontext=u:object_r:netmgr_data_file:s0 tclass=dir
denied { add_name } for pid=809 comm="netmgrd" name="log.txt"
scontext=u:r:netmgrd:s0 tcontext=u:object_r:netmgr_data_file:s0
tclass=dir
denied { create } for pid=809 comm="netmgrd" name="log.txt"
scontext=u:r:netmgrd:s0 tcontext=u:object_r:netmgr_data_file:s0
tclass=file
denied { read } for pid=808 comm="cnd" name="meminfo" dev="proc"
ino=4026532074 scontext=u:r:cnd:s0 tcontext=u:object_r:proc_meminfo:s0
tclass=file
denied { getattr } for pid=803 comm="android.hardwar"
path="/dev/block/sda9" dev="tmpfs" ino=20515
scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { read write } for pid=803 comm="android.hardwar" name="sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { open } for pid=803 comm="android.hardwar" path="/dev/block/sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { getattr } for pid=803 comm="android.hardwar"
path="/dev/block/sda3" dev="tmpfs" ino=20491
scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { read write } for pid=803 comm="android.hardwar" name="sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
denied { open } for pid=803 comm="android.hardwar" path="/dev/block/sda"
dev="tmpfs" ino=20381 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file
Bug: 34784662
Test: The above denials are no longer present
Change-Id: Id13fa6e775fe3a50dd677fc46b2c7c36306a5330
30 lines
897 B
Plaintext
30 lines
897 B
Plaintext
type rmt_storage, domain;
|
|
type rmt_storage_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(rmt_storage)
|
|
|
|
wakelock_use(rmt_storage)
|
|
|
|
allow rmt_storage self:capability { net_bind_service setgid setpcap setuid };
|
|
|
|
allow rmt_storage sdd_block_device:blk_file rw_file_perms;
|
|
allow rmt_storage sdf_block_device:blk_file rw_file_perms;
|
|
allow rmt_storage uio_device:chr_file rw_file_perms;
|
|
|
|
allow rmt_storage sysfs_uio:dir r_dir_perms;
|
|
allow rmt_storage sysfs_uio:lnk_file r_file_perms;
|
|
|
|
allow rmt_storage sysfs_rmtfs:dir search;
|
|
allow rmt_storage sysfs_rmtfs:file r_file_perms;
|
|
allow rmt_storage sysfs_rmtfs:dir search;
|
|
|
|
allow rmt_storage debugfs_rmt_storage:dir search;
|
|
allow rmt_storage debugfs_rmt_storage:file w_file_perms;
|
|
|
|
allow rmt_storage self:socket create_socket_perms;
|
|
allowxperm rmt_storage self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
|
|
|
|
userdebug_or_eng(`
|
|
permissive rmt_storage;
|
|
')
|