From 0c479addf2fca2c2128e420162456bedac7bb598 Mon Sep 17 00:00:00 2001
From: Max Bires
Date: Tue, 14 Feb 2017 19:17:51 -0800
Subject: [PATCH] Added audioserver.te and some allow rules and perfd_socket type Added allow rules for the following denials: denied { call } for pid=2460 comm="AudioOut_D" scontext=u:r:audioserver:s0 tcontext=u:r:bootanim:s0 tclass=binder denied { write } for pid=1464 comm="writer" name="perfd" dev="tmpfs" ino=11825 scontext=u:r:audioserver:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file
Bug: 34784662
Test: The above denials are no longer seen in the selinux logs
Change-Id: I4dc7c054d14e8a06d42167194cf211e0822bb3a9
---
 sepolicy/audioserver.te | 3 +++
 sepolicy/file.te | 1 +
 sepolicy/file_contexts | 1 +
 3 files changed, 5 insertions(+)
 create mode 100644 sepolicy/audioserver.te
diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te
new file mode 100644
index 0000000..978b36e
--- /dev/null
+++ b/sepolicy/audioserver.te
@@ -0,0 +1,3 @@
+binder_call(audioserver, bootanim)
+
+allow audioserver perfd_socket:sock_file write;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 4355c58..49397c5 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -2,6 +2,7 @@ type sysfs_graphics, sysfs_type, fs_type;
 type qmuxd_socket, file_type;
 type netmgrd_socket, file_type;
 type thermal_socket, file_type;
+type perfd_socket, file_type;
 type firmware_file, fs_type, contextmount_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 04da4e7..1a7a4cc 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -36,6 +36,7 @@
 /dev/socket/thermal-send-client u:object_r:thermal_socket:s0
 /dev/socket/thermal-recv-client u:object_r:thermal_socket:s0
 /dev/socket/thermal-recv-passive-client u:object_r:thermal_socket:s0
+/dev/socket/perfd u:object_r:perfd_socket:s0
 # dev block nodes
 /dev/block/sdd[0-9]+ u:object_r:sdd_block_device:s0
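Review bot: `binder_call(audioserver, bootanim)` in sepolicy/audioserver.te grants more than the single `call` denial quoted in the commit message. As defined in AOSP's te_macros, it also allows `transfer` in both directions and `fd use` from bootanim, and the new file has no comment saying why audioserver needs to reach bootanim at all. Please add a one-line comment above the rule stating the reason and the bug number, so the grant can be re-evaluated later. Separately, `allow audioserver perfd_socket:sock_file write;` is probably not sufficient on its own, because connecting to a unix stream socket also needs `connectto` on the listening domain. If the access is really wanted and a `perfd` domain exists in this policy (not visible in the patch), `unix_socket_connect(audioserver, perfd, perfd)` grants both permissions together.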
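Review bot: Relabelling `/dev/socket/perfd` from `socket_device` to `perfd_socket` in sepolicy/file_contexts changes the target type for every client of that socket, but the patch adds a rule for audioserver only. Any other domain whose perfd access was written against `socket_device` (none is visible in this patch) would start producing denials after the relabel. The Test line should therefore cover the other perfd clients on the device, not only the two denials listed in the commit message. The surrounding file continues outside this hunk, so existing perfd entries elsewhere cannot be ruled out from here.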