mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-01-31 20:10:27 +00:00
3914ca04bd
System_server is attempting to access a .so that is currently labeled as
a vendor file, which is messing up the ability of anything on the device
to interact with sensor services. This will temporarily be put into
permissive until the .so can be properly relabeled.
Denial:
denied { execute } for pid=1380 comm="system_server" path="/vendor/li
b64/liblocation_api.so" dev="sda20" ino=929
scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_file:s0
tclass=file
Bug: 37675139
Bug: 37669506
Test: adb shell dumpsys sensorservice works as expected
Change-Id: Ia13641dfaf4ab65f9060dc35b3778b9c88fb0242
32 lines
1.3 KiB
Plaintext
32 lines
1.3 KiB
Plaintext
allow system_server self:socket ioctl;
|
|
allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;
|
|
|
|
# TODO(b/36867326): Remove this once system_server no longer communicates over binder
|
|
binder_call(system_server, per_mgr)
|
|
binder_call(system_server, folio_daemon)
|
|
|
|
allow system_server per_mgr_service:service_manager find;
|
|
|
|
# TODO(b/36613917): Remove this once system_server no longer communicates with netmgrd over sockets.
|
|
typeattribute netmgrd socket_between_core_and_vendor_violators;
|
|
unix_socket_connect(system_server, netmgrd, netmgrd)
|
|
|
|
allow system_server netmgrd_socket:dir search;
|
|
allow system_server persist_file:dir search;
|
|
allow system_server persist_sensors_file:dir search;
|
|
allow system_server persist_sensors_file:file r_file_perms;
|
|
allow system_server location_data_file:dir create_dir_perms;
|
|
allow system_server location_data_file:file create_file_perms;
|
|
allow system_server wlan_device:chr_file rw_file_perms;
|
|
|
|
userdebug_or_eng(`
|
|
permissive system_server;
|
|
')
|
|
|
|
# TODO(b/30675296): Remove following dontaudit's upon resolution of this bug
|
|
# The timerslack_ns denials spam the system really horribly
|
|
dontaudit system_server audioserver:file write;
|
|
dontaudit system_server untrusted_app:file write;
|
|
dontaudit system_server hal_audio_default:file write;
|
|
dontaudit system_server appdomain:file write;
|