device_google_wahoo/sepolicy/thermal-engine.te
Max Bires 10bb91bd69 Adding allows to handle boot and runtime denials
Denials dealt with:
denied { read } for pid=1174 comm="BootAnimation::" name="system"
dev="sda45" ino=3407873 scontext=u:r:bootanim:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { search } for pid=811 comm="cnd" name="soc0" dev="sysfs"
ino=49100 scontext=u:r:cnd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

denied { fsetid } for pid=811 comm="cnd" capability=4
scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability

denied { chown } for pid=811 comm="cnd" capability=0 scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=capability

denied { read write } for pid=794 comm="android.hardwar" name="video3"
dev="tmpfs" ino=10129 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:video_device:s0 tclass=chr_file

denied { open } for pid=794 comm="android.hardwar" path="/dev/video3"
dev="tmpfs" ino=10129 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:video_device:s0 tclass=chr_file

denied { sendto } for pid=811 comm="cnd" path="/dev/socket/wpa_wlan0"
scontext=u:r:cnd:s0 tcontext=u:r:hal_wifi_supplicant_default:s0
tclass=unix_dgram_socket

denied { sendto } for pid=6516 comm="wpa_supplicant"
path="/data/misc/wifi/sockets/wpa_ctrl_811-1"
scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:cnd:s0
tclass=unix_dgram_socket

denied { ioctl } for pid=811 comm="cnd" path="socket:[108403]"
dev="sockfs" ino=108403 ioctlcmd=8921 scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=udp_socket

denied { create } for pid=811 comm="cnd" scontext=u:r:cnd:s0
tcontext=u:r:cnd:s0 tclass=udp_socket

denied { create } for pid=811 comm="cnd" name="wpa_ctrl_811-1"
scontext=u:r:cnd:s0 tcontext=u:object_r:wpa_socket:s0 tclass=sock_file

denied { add_name } for pid=811 comm="cnd" name="wpa_ctrl_811-1"
scontext=u:r:cnd:s0 tcontext=u:object_r:wpa_socket:s0 tclass=dir

denied { write } for pid=811 comm="cnd" name="sockets" dev="sda45"
ino=638992 scontext=u:r:cnd:s0 tcontext=u:object_r:wpa_socket:s0
tclass=dir

denied { search } for pid=811 comm="cnd" name="sockets" dev="sda45"
ino=638992 scontext=u:r:cnd:s0 tcontext=u:object_r:wpa_socket:s0
tclass=dir

denied { search } for pid=811 comm="cnd" name="wifi" dev="sda45"
ino=638991 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_data_file:s0
tclass=dir

denied { write } for pid=1551 comm="HwBinder:790_1" name="perfd"
dev="tmpfs" ino=23062 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:perfd_socket:s0 tclass=sock_file

denied { write } for pid=810 comm="imsqmidaemon" name="property_service"
dev="tmpfs" ino=18259 scontext=u:r:ims:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { connectto } for pid=810 comm="imsqmidaemon"
path="/dev/socket/property_service" scontext=u:r:ims:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { set } for property=sys.ims.QMI_DAEMON_STATUS pid=810 uid=1000
gid=1001 scontext=u:r:ims:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { ioctl } for pid=1114 comm="lowi-server" path="socket:[25101]"
dev="sockfs" ino=25101 ioctlcmd=8927 scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=udp_socket

denied { ioctl } for pid=1114 comm="lowi-server" path="socket:[25101]"
dev="sockfs" ino=25101 ioctlcmd=8be5 scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=udp_socket

denied { ioctl } for pid=6504 comm="lowi-server" path="socket:[90743]"
dev="sockfs" ino=90743 ioctlcmd=c304 scontext=u:r:location:s0
tcontext=u:r:location:s0 tclass=socket

denied { search } for pid=812 comm="netmgrd" name="soc0" dev="sysfs"
ino=49100 scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_soc:s0
tclass=dir

denied { read } for pid=3684 comm="csbootstraputil"
name="u:object_r:ims_prop:s0" dev="tmpfs" ino=10082
scontext=u:r:radio:s0 tcontext=u:object_r:ims_prop:s0 tclass=file

denied { open } for pid=3684 comm="csbootstraputil"
path="/dev/__properties__/u:object_r:ims_prop:s0" dev="tmpfs" ino=10082
scontext=u:r:radio:s0 tcontext=u:object_r:ims_prop:s0 tclass=file

denied { getattr } for pid=3684 comm="csbootstraputil"
path="/dev/__properties__/u:object_r:ims_prop:s0" dev="tmpfs" ino=10082
scontext=u:r:radio:s0 tcontext=u:object_r:ims_prop:s0 tclass=file

denied { write } for pid=669 comm="ramdump" name="property_service"
dev="tmpfs" ino=18259 scontext=u:r:ramdump:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { connectto } for pid=669 comm="ramdump"
path="/dev/socket/property_service" scontext=u:r:ramdump:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { set } for property=debug.htc.hrdump pid=669 uid=0 gid=0
scontext=u:r:ramdump:s0 tcontext=u:object_r:debug_prop:s0
tclass=property_service

denied { setattr } for pid=688 comm="tftp_server" name="rfs" dev="sdd3"
ino=17 scontext=u:r:rfs_access:s0 tcontext=u:object_r:persist_file:s0
tclass=dir

denied { search } for pid=931 comm="thermal-engine"
name="0.qcom,rmtfs_sharedmem" dev="sysfs" ino=18392
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_rmtfs:s0
tclass=dir

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I6977fc0bf94bc68cdbc081ca7771ff6c91cc9805
2017-03-27 20:48:52 +00:00


# Domain for the Qualcomm thermal-engine daemon: declares the process domain
# and the executable's file type, and lets init transition into the domain.
type thermal-engine, domain;
type thermal-engine_exec, exec_type, file_type;
init_daemon_domain(thermal-engine)
# Wakelock-style suspend blocking (CAP_BLOCK_SUSPEND) on its own process.
allow thermal-engine self:capability2 block_suspend;
# to read /sys/devices
allow thermal-engine sysfs:dir r_dir_perms;
# Read/write access to the msm_subsys and thermal sysfs nodes; the other
# sysfs types below are read-only.
allow thermal-engine sysfs_msm_subsys:dir r_dir_perms;
allow thermal-engine sysfs_msm_subsys:file rw_file_perms;
# search (not listing) only on the sysfs_soc directory, read on its files.
allow thermal-engine sysfs_soc:dir search;
allow thermal-engine sysfs_soc:file r_file_perms;
allow thermal-engine sysfs_thermal:dir r_dir_perms;
allow thermal-engine sysfs_thermal:file rw_file_perms;
# Added for the logged denial: search on the 0.qcom,rmtfs_sharedmem sysfs dir
# (tcontext sysfs_rmtfs); the directory is searched, not listed.
allow thermal-engine sysfs_rmtfs:dir search;
allow thermal-engine sysfs_rmtfs:file r_file_perms;
# NOTE(review): rw_file_perms on every audio_device char node is broad for a
# thermal daemon — confirm which node it actually opens and whether read
# access would suffice.
allow thermal-engine audio_device:chr_file rw_file_perms;
# r_dir_file grants read on the dir and its files (the macro also covers
# lnk_file, presumably — verify in te_macros). The sysfs_msm_subsys line
# overlaps the explicit dir/file rules above.
r_dir_file(thermal-engine, sysfs_leds)
r_dir_file(thermal-engine, sysfs_msm_subsys)
r_dir_file(thermal-engine, sysfs_uio)
# Generic sockets, with ioctl restricted by allowxperm to the
# msm_sock_ipc_ioctls set rather than the full ioctl space.
allow thermal-engine self:socket create_socket_perms;
allowxperm thermal-engine self:socket ioctl msm_sock_ipc_ioctls;
# On userdebug/eng builds only, the domain is permissive: denials are logged
# but not enforced. User builds enforce the rules above. This should be
# dropped once the denial list in the commit is fully covered.
userdebug_or_eng(`
permissive thermal-engine;
')