device_google_wahoo/sepolicy/system_app.te
Max Bires 4496453740 Adding rules and contexts for following denials
denied { write } for pid=642 comm="ramdump"
path="/data/ramdump/RAMDUMP_STATUS" dev="sda10" ino=2342914
scontext=u:r:ramdump:s0 tcontext=u:object_r:ramdump_data_file:s0
tclass=file

denied { write } for pid=642 comm="ramdump" name="ramdump" dev="sda10"
ino=2342913 scontext=u:r:ramdump:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=dir

denied { read } for pid=662 comm="tftp_server" name="rfs" dev="sda4"
ino=13 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir

denied { setgid } for pid=662 comm="tftp_server" capability=6
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability

denied { setuid } for pid=662 comm="tftp_server" capability=7
scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability

denied { append } for pid=662 comm="tftp_server" name="wake_lock"
dev="sysfs" ino=15848 scontext=u:r:rfs_access:s0
tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file

denied { open } for pid=662 comm="tftp_server"
path="/sys/power/wake_lock" dev="sysfs" ino=15848
scontext=u:r:rfs_access:s0 tcontext=u:object_r:sysfs_wake_lock:s0
tclass=file

denied { open } for pid=659 comm="sensors.qcom"
path="/sys/devices/soc/soc:qcom,kgsl-hyp/subsys3/name" dev="sysfs"
ino=33536 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { read } for pid=659 comm="sensors.qcom" name="name" dev="sysfs"
ino=33536 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs:s0
tclass=file

denied { create } for pid=659 comm="sensors.qcom"
scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=socket

denied { ioctl } for pid=659 comm="sensors.qcom" path="socket:[7725]"
dev="sockfs" ino=7725 ioctlcmd=c304 scontext=u:r:sensors:s0
tcontext=u:r:sensors:s0 tclass=socket

denied { create } for pid=1 comm="init" name="b.1" scontext=u:r:init:s0
tcontext=u:object_r:configfs:s0 tclass=lnk_file

denied { search } for pid=675 comm="sensors.qcom" name="sensors"
dev="sda4" ino=35 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir

denied { getattr } for pid=675 comm="sensors.qcom"
path="/persist/sensors" dev="sda4" ino=35 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_sensors_file:s0 tclass=dir

denied { search } for pid=813 comm="android.hardwar"
name="1d0101c.qcom,spss" dev="sysfs" ino=19070
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir

denied { write } for pid=813 comm="android.hardwar" name="uinput"
dev="tmpfs" ino=21871 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file

denied { open } for pid=813 comm="android.hardwar" path="/dev/uinput"
dev="tmpfs" ino=21871 scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file

denied { call } for pid=813 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder

denied { transfer } for pid=813 comm="android.hardwar"
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:servicemanager:s0
tclass=binder

denied { search } for pid=665 comm="servicemanager" name="813"
dev="proc" ino=18771 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=dir

denied { read } for pid=665 comm="servicemanager" name="current"
dev="proc" ino=22020 scontext=u:r:servicemanager:s0
tcontext=u:r:hal_fingerprint_default:s0 tclass=file

denied { open } for pid=665 comm="servicemanager"
path="/proc/813/attr/current" dev="proc" ino=22020
scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_default:s0
tclass=file

denied { write } for pid=1017 comm="tftp_server" name="mpss" dev="sda4"
ino=16 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir

denied { ioctl } for pid=782 comm="cnd" path="socket:[24734]"
dev="sockfs" ino=24734 ioctlcmd=c302 scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket

denied { create } for pid=782 comm="cnd" scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=socket

denied { ioctl } for pid=821 comm="imsdatadaemon" path="socket:[22036]"
dev="sockfs" ino=22036 ioctlcmd=c304 scontext=u:r:ims:s0
tcontext=u:r:ims:s0 tclass=socket

denied { create } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

denied { setopt } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

denied { bind } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

denied { getattr } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

denied { write } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

denied { nlmsg_write } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

denied { read } for pid=1151 comm="ip" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

denied { write } for pid=3137 comm="CNEReceiver" name="cnd" dev="tmpfs"
ino=20431 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0
tclass=sock_file

denied { connectto } for pid=3137 comm="CNEReceiver"
path="/dev/socket/cnd" scontext=u:r:system_app:s0 tcontext=u:r:cnd:s0
tclass=unix_stream_socket

denied { read } for pid=736 comm="android.hardwar"
name="u:object_r:wc_prop:s0" dev="tmpfs" ino=21542
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:wc_prop:s0
tclass=file

denied { open } for pid=736 comm="android.hardwar"
path="/dev/__properties__/u:object_r:wc_prop:s0" dev="tmpfs" ino=21542
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:wc_prop:s0
tclass=file

denied { getattr } for pid=736 comm="android.hardwar"
path="/dev/__properties__/u:object_r:wc_prop:s0" dev="tmpfs" ino=21542
scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:wc_prop:s0
tclass=file

denied { open } for pid=736 comm="android.hardwar" path="/dev/btpower"
dev="tmpfs" ino=21482 scontext=u:r:hal_bluetooth_default:s0
tcontext=u:object_r:device:s0 tclass=chr_file

denied { read write } for pid=736 comm="android.hardwar" name="btpower"
dev="tmpfs" ino=21482 scontext=u:r:hal_bluetooth_default:s0
tcontext=u:object_r:device:s0 tclass=chr_file

denied { search } for pid=661 comm="rmt_storage"
name="0.qcom,rmtfs_sharedmem" dev="sysfs" ino=17715
scontext=u:r:rmt_storage:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=dir

denied { getattr } for pid=675 comm="sensors.qcom" path="/persist"
dev="sda4" ino=2 scontext=u:r:sensors:s0
tcontext=u:object_r:persist_file:s0 tclass=dir

denied { search } for pid=1030 comm="tftp_server" name="/" dev="sde5"
ino=1 scontext=u:r:rfs_access:s0 tcontext=u:object_r:firmware_file:s0
tclass=dir

denied { read write } for pid=1852 comm="Binder:1416_4"
path="socket:[43150]" dev="sockfs" ino=43150
scontext=u:r:cameraserver:s0 tcontext=u:r:system_server:s0
tclass=unix_stream_socket

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I8656888b215eefad12069d19cb9ec1fc10022082
2017-03-22 10:56:52 -07:00


# Device-specific additions to the system_app domain.
# Every rule here applies to all processes that run in system_app, so each
# grant should be kept as narrow as the requesting component allows.

# Read-only access to directories and files labelled sysfs_msm_subsys.
# NOTE(review): the commit message shown with this file lists no system_app
# denial for this type; the rule may predate it. Confirm which component
# still needs it.
r_dir_file(system_app, sysfs_msm_subsys)

# Lets system_app connect to the cnd daemon over its unix stream socket.
# Matches the CNEReceiver denials in the commit log: write on the cnd_socket
# sock_file and connectto on the cnd unix_stream_socket.
# NOTE(review): the grant is domain-wide, not limited to CNEReceiver. Confirm
# that cnd validates what it receives on this socket.
unix_socket_connect(system_app, cnd, cnd)

# The rules inside the block below are compiled in only for userdebug and eng
# builds and are absent from user builds:
#  - read-only access to ramdump_data_file directories and files. The commit
#    log shows this label on /data/ramdump. RAM dumps can hold sensitive
#    memory contents, so this access should stay debug-only.
#  - read access to properties labelled ssr_prop.
userdebug_or_eng(`
allow system_app ramdump_data_file:dir r_dir_perms;
allow system_app ramdump_data_file:file r_file_perms;
get_prop(system_app, ssr_prop)
')