diff options
author | Tri Vo <trong@google.com> | 2021-07-12 15:53:15 -0700 |
---|---|---|
committer | Tri Vo <trong@google.com> | 2021-07-12 16:05:56 -0700 |
commit | a349a5eade12c246239c60bf554e8821aa4bba7e (patch) | |
tree | a59fbdde85cda1efcbbbed30f8acb5ea7ba466da /sepolicy | |
parent | 314e117b0add6df43baac460fb52da619b75376a (diff) | |
download | trusty-a349a5eade12c246239c60bf554e8821aa4bba7e.tar.gz |
Fix securedpud sepolicy denialsandroid-s-beta-4android-s-beta-3android-s-beta-4
Address following denials:
avc: denied { read } for comm="securedpud" name="system" dev="tmpfs"
ino=321 scontext=u:r:securedpud:s0
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file
permissive=1
avc: denied { open } for comm="securedpud" path="/dev/dma_heap/system"
dev="tmpfs" ino=321 scontext=u:r:securedpud:s0
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file
permissive=1
avc: denied { ioctl } for comm="securedpud" path="/dev/dma_heap/system"
dev="tmpfs" ino=321 ioctlcmd=0x4800 scontext=u:r:securedpud:s0
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file
permissive=1
Bug: 176508588
Test: m selinux_policy
Change-Id: Ibb1f07c6341920c061323105ea2486b516a18915
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/securedpud.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/securedpud.te b/sepolicy/securedpud.te index a682eef..73fe8de 100644 --- a/sepolicy/securedpud.te +++ b/sepolicy/securedpud.te @@ -3,5 +3,6 @@ type securedpud_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(securedpud) +allow securedpud dmabuf_system_heap_device:chr_file r_file_perms; allow securedpud ion_device:chr_file rw_file_perms; allow securedpud tee_device:chr_file rw_file_perms; |