From 7e1e794bdf244bc2c799db3c279259f1c106e75c Mon Sep 17 00:00:00 2001
From: Max Bires
Date: Tue, 14 Feb 2017 18:00:32 -0800
Subject: [PATCH] Adding search dir permission to system_server.

Added allow rule to address following bootup denial: denied { search } for pid=3491 comm="system-server-i" name="sensors" dev="sdd3" ino=16 scontext=u:r:system_server:s0 tcontext=u:object_r:persist_sensors_file:s0 tclass=dir

Bug: 34784662
Test: Above denial no longer appears in denial logs
Change-Id: Id2a42d3dff150cd7e6f1120902d4d41f0e34e626
---
 sepolicy/system_server.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index bd617fe..2ce9c93 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -2,3 +2,4 @@ allow system_server self:socket ioctl;
 allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;
 allow system_server persist_sensors_file:file r_file_perms;
+allow system_server persist_sensors_file:dir search;
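Review bot: The added `allow system_server persist_sensors_file:dir search;` has no comment tying it to the access it enables, so a later policy audit cannot tell it apart from a denial that was silenced without analysis. The commit message names only the boot-time denial (comm="system-server-i"), not which system_server code path walks the sensors directory; presumably this rule is what makes the existing `persist_sensors_file:file r_file_perms` grant reachable, but that should be confirmed against the caller. I would add a line above it such as `# Traverse the persist sensors dir to reach files read under the rule above (Bug: 34784662).` and keep the grant at `search` rather than widening it to `r_dir_perms`, since nothing in the quoted denial calls for listing the directory.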