Added audioserver.te and some allow rules and perfd_socket type

Added allow rules for the following denials: denied { call } for pid=2460 comm="AudioOut_D" scontext=u:r:audioserver:s0 tcontext=u:r:bootanim:s0 tclass=binder denied { write } for pid=1464 comm="writer" name="perfd" dev="tmpfs" ino=11825 scontext=u:r:audioserver:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file Bug: 34784662 Test: The above denials are no longer seen in the selinux logs Change-Id: I4dc7c054d14e8a06d42167194cf211e0822bb3a9
2026-02-01 07:33:36 +00:00 · 2017-02-14 19:17:51 -08:00
parent d1c7c88427
commit 0c479addf2
3 changed files with 5 additions and 0 deletions
--- a/sepolicy/audioserver.te
+++ b/sepolicy/audioserver.te
@@ -0,0 +1,3 @@
+binder_call(audioserver, bootanim)
+
+allow audioserver perfd_socket:sock_file write;
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -2,6 +2,7 @@ type sysfs_graphics, sysfs_type, fs_type;
 type qmuxd_socket, file_type;
 type netmgrd_socket, file_type;
 type thermal_socket, file_type;
+type perfd_socket, file_type;

 type firmware_file, fs_type, contextmount_type;

--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -36,6 +36,7 @@
 /dev/socket/thermal-send-client                 u:object_r:thermal_socket:s0
 /dev/socket/thermal-recv-client                 u:object_r:thermal_socket:s0
 /dev/socket/thermal-recv-passive-client         u:object_r:thermal_socket:s0
+/dev/socket/perfd                               u:object_r:perfd_socket:s0

 # dev block nodes
 /dev/block/sdd[0-9]+                            u:object_r:sdd_block_device:s0