diff options
| author | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-02-18 14:09:36 -0800 |
|---|---|---|
| committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-02-18 14:19:06 -0800 |
| commit | 0b2e23d18029f59db3e02341fe2e227512e0f69c (patch) | |
| tree | 0f9318642f5a970d14eb466fa2463170bd96a46e | |
| parent | f962c694ea1e4e2c050a8f61b83cf72c7a5805fb (diff) | |
| download | picoimx-brillo-m10-dev.tar.gz | |
PicoIMX: Fix file permissions, SELinux policy.brillo-m10-releasebrillo-m10-dev
-Several text files had executable permissions. Remove the +x.
-Some domains are attempting to load kernel modules (which is
not allowed in Brillo), resulting in several denials like:
"""
denied { module_request } for kmod="personality-8" scontext=u:r:init:s0
tcontext=u:r:kernel:s0 tclass=system
"""
Stop auditing these denials to make it easier to diagnose real SELinux
issues.
-'allow mediaserver debug_prop:property_service set;' is not needed.
Bug: 27249509
Change-Id: Iced4d96b63bb100f5b7ec27b08cbf14d884e65df
| -rw-r--r--[-rwxr-xr-x] | fstab.device | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | init.freescale.rc | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | kernel-fsl.mk | 0 | ||||
| -rw-r--r-- | sepolicy/domain.te | 1 | ||||
| -rw-r--r--[-rwxr-xr-x] | sepolicy/file_contexts | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | sepolicy/init.te | 0 | ||||
| -rw-r--r-- | sepolicy/mediaserver.te | 1 | ||||
| -rw-r--r--[-rwxr-xr-x] | sepolicy/misc.te | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | sepolicy/sensors.te | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | sepolicy/sensorservice.te | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | sepolicy/update_engine.te | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | ueventd.freescale.rc | 0 |
12 files changed, 1 insertions, 1 deletions
diff --git a/fstab.device b/fstab.device index 02b98bc..02b98bc 100755..100644 --- a/fstab.device +++ b/fstab.device diff --git a/init.freescale.rc b/init.freescale.rc index 1222d06..1222d06 100755..100644 --- a/init.freescale.rc +++ b/init.freescale.rc diff --git a/kernel-fsl.mk b/kernel-fsl.mk index 0356094..0356094 100755..100644 --- a/kernel-fsl.mk +++ b/kernel-fsl.mk diff --git a/sepolicy/domain.te b/sepolicy/domain.te new file mode 100644 index 0000000..c8d8d53 --- /dev/null +++ b/sepolicy/domain.te @@ -0,0 +1 @@ +dontaudit domain kernel:system module_request; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 1c29f2e..1c29f2e 100755..100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts diff --git a/sepolicy/init.te b/sepolicy/init.te index cccd7f3..cccd7f3 100755..100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te deleted file mode 100644 index 72acfbb..0000000 --- a/sepolicy/mediaserver.te +++ /dev/null @@ -1 +0,0 @@ -allow mediaserver debug_prop:property_service set; diff --git a/sepolicy/misc.te b/sepolicy/misc.te index 6fa24ba..6fa24ba 100755..100644 --- a/sepolicy/misc.te +++ b/sepolicy/misc.te diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te index 81fdf8a..81fdf8a 100755..100644 --- a/sepolicy/sensors.te +++ b/sepolicy/sensors.te diff --git a/sepolicy/sensorservice.te b/sepolicy/sensorservice.te index 0dc30c5..0dc30c5 100755..100644 --- a/sepolicy/sensorservice.te +++ b/sepolicy/sensorservice.te diff --git a/sepolicy/update_engine.te b/sepolicy/update_engine.te index 470e0d6..470e0d6 100755..100644 --- a/sepolicy/update_engine.te +++ b/sepolicy/update_engine.te diff --git a/ueventd.freescale.rc b/ueventd.freescale.rc index 967e40a..967e40a 100755..100644 --- a/ueventd.freescale.rc +++ b/ueventd.freescale.rc |