Fix securedpud sepolicy denialsandroid-s-beta-4 android-s-beta-3 android-s-beta-4

Address following denials: avc: denied { read } for comm="securedpud" name="system" dev="tmpfs" ino=321 scontext=u:r:securedpud:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 avc: denied { open } for comm="securedpud" path="/dev/dma_heap/system" dev="tmpfs" ino=321 scontext=u:r:securedpud:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 avc: denied { ioctl } for comm="securedpud" path="/dev/dma_heap/system" dev="tmpfs" ino=321 ioctlcmd=0x4800 scontext=u:r:securedpud:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 Bug: 176508588 Test: m selinux_policy Change-Id: Ibb1f07c6341920c061323105ea2486b516a18915
author: Tri Vo <trong@google.com> 2021-07-12 15:53:15 -0700
committer: Tri Vo <trong@google.com> 2021-07-12 16:05:56 -0700
commit: a349a5eade12c246239c60bf554e8821aa4bba7e (patch)
tree: a59fbdde85cda1efcbbbed30f8acb5ea7ba466da /sepolicy
parent: 314e117b0add6df43baac460fb52da619b75376a (diff)
download: trusty-a349a5eade12c246239c60bf554e8821aa4bba7e.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/securedpud.te b/sepolicy/securedpud.te
index a682eef..73fe8de 100644
--- a/sepolicy/securedpud.te
+++ b/sepolicy/securedpud.te
@@ -3,5 +3,6 @@ type securedpud_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(securedpud)
 
+allow securedpud dmabuf_system_heap_device:chr_file r_file_perms;
 allow securedpud ion_device:chr_file rw_file_perms;
 allow securedpud tee_device:chr_file rw_file_perms;
author	Tri Vo <trong@google.com>	2021-07-12 15:53:15 -0700
committer	Tri Vo <trong@google.com>	2021-07-12 16:05:56 -0700
commit	a349a5eade12c246239c60bf554e8821aa4bba7e (patch)
tree	a59fbdde85cda1efcbbbed30f8acb5ea7ba466da /sepolicy
parent	314e117b0add6df43baac460fb52da619b75376a (diff)
download	trusty-a349a5eade12c246239c60bf554e8821aa4bba7e.tar.gz