Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-01-31 07:34:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7c58dfb1de973b094b7b828b26068a40dd9d2f02
device_google_wahoo/sepolicy/system_server.te
Max Bires bc99e5b908 Adding allows to handle the following denials 
denied { write } for pid=10249 comm="secdiscard" name="sda45"
dev="tmpfs" ino=19911 scontext=u:r:vold:s0
tcontext=u:object_r:sda_block_device:s0 tclass=blk_file

denied { create read } for pid=9183 comm="time_daemon" name="ats_2"
scontext=u:r:time_daemon:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

denied { read write open } for pid=9183 comm="time_daemon" name="ats_2"
dev="sdd3" ino=33 scontext=u:r:time_daemon:s0
tcontext=u:object_r:persist_file:s0 tclass=file

denied { write add_name } for pid=9183 comm="time_daemon" name="time"
dev="sda45" ino=851969 scontext=u:r:time_daemon:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir

denied { write } for pid=5959 comm="Binder:1415_9" name="timerslack_ns"
dev="proc" ino=138483 scontext=u:r:system_server:s0
tcontext=u:r:isolated_app:s0:c512,c768 tclass=file

denied { write } for pid=5365 comm="Binder:1415_8" name="timerslack_ns"
dev="proc" ino=123305 scontext=u:r:system_server:s0
tcontext=u:r:logger_app:s0:c112,c256,c512,c768 tclass=file

denied { connectto } for pid=9161 comm="omm.timeservice"
path=0074696D655F67656E6F6666 scontext=u:r:system_app:s0
tcontext=u:r:time_daemon:s0 tclass=unix_stream_socket

denied { read } for pid=5123 comm="m.android.phone" name="vendor"
dev="sda22" ino=2749 scontext=u:r:radio:s0
tcontext=u:object_r:vendor_file:s0 tclass=lnk_file

denied { getattr read open } for pid=5123 comm="m.android.phone"
path="/vendor/framework/qti-vzw-ims-internal.jar" dev="sda20" ino=385
scontext=u:r:radio:s0 tcontext=u:object_r:vendor_framework_file:s0
tclass=file

denied { write } for pid=888 comm="perfd" name="default_pwrlevel"
dev="sysfs" ino=33408 scontext=u:r:perfd:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file

denied { read open } for pid=360 comm="kworker/u16:6"
name="synaptics_0.img" dev="sda20" ino=360 scontext=u:r:kernel:s0
tcontext=u:object_r:vendor_file:s0 tclass=file

denied  { read } for  pid=589 comm="init.power.sh" name="soc:qcom,cpubw"
dev="sysfs" ino=44524 scontext=u:r:init_power:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file

denied { open read } for pid=668 comm="init.power.sh"
path="/sys/class/devfreq" dev="sysfs" ino=28440
scontext=u:r:init_power:s0 tcontext=u:object_r:sysfs:s0 tclass=dir

denied { write open } for pid=760 comm="android.hardwar" name="wlan"
dev="tmpfs" ino=20256 scontext=u:r:hal_wifi_default:s0
tcontext=u:object_r:wlan_device:s0 tclass=chr_file

denied { open getattr write } for comm="android.hardwar"
path="/sys/devices/soc/c17a000.i2c/i2c-6/6-005a/rtp_input" dev="sysfs"
ino=41310 scontext=u:r:hal_vibrator_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file

denied { ioctl } for pid=880 comm="android.hardwar" path="/dev/uinput"
dev="tmpfs" ino=20584 ioctlcmd=5564
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:uhid_device:s0 tclass=chr_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Id259bdcbf4cf7a93b8c98b8a06addb99385d7588
2017-04-10 15:39:09 -07:00

28 lines
1.2 KiB
Plaintext
Raw Blame History

allow system_server self:socket ioctl;
allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;
# TODO(b/36867326): Remove this once system_server no longer communicates over binder
binder_call(system_server, per_mgr)
binder_call(system_server, folio_daemon)
allow system_server per_mgr_service:service_manager find;
# TODO(b/36613917): Remove this once system_server no longer communicates with netmgrd over sockets.
typeattribute netmgrd socket_between_core_and_vendor_violators;
unix_socket_connect(system_server, netmgrd, netmgrd)
allow system_server netmgrd_socket:dir search;
allow system_server persist_file:dir search;
allow system_server persist_sensors_file:dir search;
allow system_server persist_sensors_file:file r_file_perms;
allow system_server location_data_file:dir create_dir_perms;
allow system_server location_data_file:file create_file_perms;
allow system_server wlan_device:chr_file rw_file_perms;
# TODO(b/30675296): Remove following dontaudit's upon resolution of this bug
# The timerslack_ns denials spam the system really horribly
dontaudit system_server audioserver:file write;
dontaudit system_server untrusted_app:file write;
dontaudit system_server hal_audio_default:file write;
dontaudit system_server appdomain:file write;
Reference in New Issue View Git Blame Copy Permalink