mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 07:50:47 +00:00
denied { connectto } for pid=1017 comm="qseecomd"
path=0074696D655F67656E6F6666 scontext=u:r:tee:s0
tcontext=u:r:time_daemon:s0 tclass=unix_stream_socket
denied { search } for pid=1017 comm="qseecomd" name="/" dev="sda4" ino=2
scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=dir
denied { search } for pid=744 comm="qseecomd" name="data" dev="sdd3"
ino=18 scontext=u:r:tee:s0 tcontext=u:object_r:persist_data_file:s0
tclass=dir
denied { write } for pid=9351 comm="logcat" name="logd" dev="tmpfs"
ino=19484 scontext=u:r:system_server:s0
tcontext=u:object_r:logd_socket:s0 tclass=sock_file
denied { search } for pid=1027 comm="perfd" name="fb0" dev="sysfs"
ino=35328 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_graphics:s0
tclass=dir
denied { read open } for pid=1027 comm="perfd" name="modes" dev="sysfs"
ino=35345 scontext=u:r:perfd:s0 tcontext=u:object_r:sysfs_graphics:s0
tclass=file
denied { set } for property=net.r_rmnet_data0.dns1 pid=1033 uid=1001
gid=3003 scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service
denied { use } for pid=1012 comm="netd" path="socket:[218939]"
dev="sockfs" ino=218939 scontext=u:r:netd:s0
tcontext=u:r:hal_gnss_qti:s0 tclass=fd
denied { write } for pid=649 comm="Binder:649_2" name="mtu" dev="sysfs"
ino=59120 scontext=u:r:netd:s0 tcontext=u:object_r:sysfs_net:s0
tclass=file
denied { append } for pid=1044 comm="mediaextractor"
path="pipe:[149334]" dev="pipefs" ino=149334
scontext=u:r:mediaextractor:s0 tcontext=u:r:dumpstate:s0
tclass=fifo_file
denied { use } for pid=1050 comm="omx@1.0-service" path="pipe:[149339]"
dev="pipefs" ino=149339 scontext=u:r:mediacodec:s0
tcontext=u:r:dumpstate:s0 tclass=fd
denied { read open } for pid=3893 comm="ims_rtp_daemon" name="ion"
dev="tmpfs" ino=18545 scontext=u:r:ims:s0
tcontext=u:object_r:ion_device:s0 tclass=chr_file
denied { connectto } for pid=3891 comm="imsdatadaemon"
path="/dev/socket/cnd" scontext=u:r:ims:s0 tcontext=u:r:cnd:s0
tclass=unix_stream_socket
denied { write } for pid=3891 comm="imsdatadaemon" name="cnd"
dev="tmpfs" ino=9756 scontext=u:r:ims:s0
tcontext=u:object_r:cnd_socket:s0 tclass=sock_file
denied { search } for pid=572 comm="android.hardwar" name="/"
dev="sde19" ino=1 scontext=u:r:hal_keymaster_qti:s0
tcontext=u:object_r:firmware_file:s0 tclass=dir
denied { search } for pid=584 comm="android.hardwar" name="display"
dev="sda4" ino=43 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:persist_display_file:s0 tclass=dir
denied { connectto } for pid=664 comm="Loc_hal"
path="/dev/socket/netmgr/netmgr_connect_socket"
scontext=u:r:hal_gnss_qti:s0 tcontext=u:r:netmgrd:s0
tclass=unix_stream_socket
denied { write } for pid=664 comm="Loc_hal" name="netmgr_connect_socket"
dev="tmpfs" ino=31960 scontext=u:r:hal_gnss_qti:s0
tcontext=u:object_r:netmgrd_socket:s0 tclass=sock_file
denied { search } for pid=571 comm="android.hardwar" name="/"
dev="sde19" ino=1 scontext=u:r:hal_gatekeeper_qti:s0
tcontext=u:object_r:firmware_file:s0 tclass=dir
denied { connectto } for pid=660 comm="HwBinder:660_1"
path="/dev/socket/perfd" scontext=u:r:hal_camera_default:s0
tcontext=u:r:perfd:s0 tclass=unix_stream_socket
denied { getattr } for pid=13003 comm="df" path="/dev/block/sde19"
dev="tmpfs" ino=21967 scontext=u:r:dumpstate:s0
tcontext=u:object_r:modem_block_device:s0 tclass=blk_file
denied { getattr } for pid=11969 comm="dumpstate" path="/proc/modules"
dev="proc" ino=4026532149 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_modules:s0 tclass=file
denied { getattr } for pid=13003 comm="df" path="/dev/block/sde28"
dev="tmpfs" ino=17995 scontext=u:r:dumpstate:s0
tcontext=u:object_r:system_block_device:s0 tclass=blk_file
denied { getattr } for pid=13003 comm="df" path="/persist" dev="sda4"
ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:persist_file:s0
tclass=dir
denied { search } for pid=11969 comm="dumpstate" name="leds" dev="sysfs"
ino=29583 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=dir
denied { create } for pid=12103 comm="ip" scontext=u:r:dumpstate:s0
tcontext=u:r:dumpstate:s0 tclass=netlink_xfrm_socket
denied { read } for pid=12106 comm="top" name="stat" dev="proc"
ino=4026532103 scontext=u:r:dumpstate:s0
tcontext=u:object_r:proc_stat:s0 tclass=file
denied { sendto } for pid=8786 comm="wpa_supplicant"
path="/data/misc/wifi/sockets/wpa_ctrl_803-2"
scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:cnd:s0
tclass=unix_dgram_socket
denied { sendto } for pid=1032 comm="cnd" path="/dev/socket/wpa_wlan0"
scontext=u:r:cnd:s0 tcontext=u:r:hal_wifi_supplicant_default:s0
tclass=unix_dgram_socket
denied { set } for property=persist.sys.cnd.iwlan pid=1032 uid=1000
gid=1000 scontext=u:r:cnd:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service
Bug: 34784662
Test: The above denials are no longer seen
Change-Id: I91b9516bff32b8afae93e5af317a3ffe48709cf0
# SELinux policy for the vendor cnd daemon.
# Rules are grouped by purpose. allow/allowxperm rules do not depend on their
# order, so the regrouping grants exactly the same access as before.

# --- Types and domain entry --------------------------------------------------
# cnd is the process domain; cnd_exec labels the daemon's vendor executable.
type cnd, domain;
type cnd_exec, exec_type, vendor_file_type, file_type;

# Enter the cnd domain when init executes a file labelled cnd_exec.
init_daemon_domain(cnd)

# Objects cnd creates in socket_device directories are labelled cnd_socket,
# so peers must be granted access to cnd_socket explicitly.
file_type_auto_trans(cnd, socket_device, cnd_socket);

# --- Privileges on the process itself ----------------------------------------
# Capabilities for changing file ownership and the process uid/gid.
# NOTE(review): this file does not show why each one is needed; confirm all
# four are still required and drop any that are not.
allow cnd self:capability { chown fsetid setgid setuid };

# UDP sockets owned by cnd. The allowxperm rule narrows the permitted ioctl
# commands on them to SIOCGIFMTU.
allow cnd self:udp_socket create_socket_perms;
allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;

# Generic sockets owned by cnd. ioctl is narrowed to the msm_sock_ipc_ioctls
# set, which is defined outside this file.
allow cnd self:socket create_socket_perms;
allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;

# --- Read-only system information --------------------------------------------
allow cnd sysfs_soc:dir search;
allow cnd sysfs_soc:file r_file_perms;
allow cnd proc_meminfo:file r_file_perms;
r_dir_file(cnd, sysfs_msm_subsys)

# --- Properties --------------------------------------------------------------
# cnd may set only properties labelled cnd_prop.
set_prop(cnd, cnd_prop)

# --- Temporary: direct socket traffic with the wifi supplicant ---------------
# TODO(b/38227967): Potentially remove the following 4 rules upon resolution of this bug
# The first three let cnd create and remove socket files under wpa_socket
# directories; the last lets it send datagrams to the supplicant HAL.
allow cnd wpa_socket:dir w_dir_perms;
allow cnd wpa_socket:sock_file create_file_perms;
allow cnd wifi_data_file:dir search;
allow cnd hal_wifi_supplicant_default:unix_dgram_socket sendto;

# --- Temporary: exemption from the core/vendor socket restriction ------------
# TODO(b/36613996): Remove this once system_app no longer communicates over sockets with cnd
# While this attribute is set, the socket restriction it names is not enforced
# for cnd. Track the bug so the exemption does not become permanent.
typeattribute cnd socket_between_core_and_vendor_violators;