author | Tri Vo <trong@google.com> | 2019-04-16 12:02:44 -0700 |
---|---|---|
committer | Tri Vo <trong@google.com> | 2019-05-08 15:52:21 -0700 |
commit | ce984ed52232475dd60d5983e131351c7351625f (patch) | |
tree | f026a8817bc1ae1128a7af9db0bd11414e5ce7c8 | |
parent | 8c617be05f35d15a0f774fcf3d57f92b2a7f67fc (diff) | |
vsoc_guest_region_e2e_test suppress /data/local/tmp denial
avc: denied { dac_override } for capability=1
scontext=u:r:vsoc_guest_region_e2e_test:s0
tcontext=u:r:vsoc_guest_region_e2e_test:s0 tclass=capability
permissive=0
Fixes: 130577243
Test: boot cuttlefish without above denial
Change-Id: I5b8eb65c3400d73107281a9befb7f0a6acb2b884
Merged-In: I5b8eb65c3400d73107281a9befb7f0a6acb2b884
(cherry picked from commit e3dfd4019c11718b3d9026ad989f5470c258d5af)
-rw-r--r-- | shared/sepolicy/vsoc_guest_region_e2e_test.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/shared/sepolicy/vsoc_guest_region_e2e_test.te b/shared/sepolicy/vsoc_guest_region_e2e_test.te
index d4ab68fd3..db5749f48 100644
--- a/shared/sepolicy/vsoc_guest_region_e2e_test.te
+++ b/shared/sepolicy/vsoc_guest_region_e2e_test.te
@@ -7,3 +7,7 @@ init_daemon_domain(vsoc_guest_region_e2e_test)
 allow vsoc_guest_region_e2e_test region_e2e_test_device:chr_file rw_file_perms;
 allow vsoc_guest_region_e2e_test vendor_data_file:file { create_file_perms };
 allow vsoc_guest_region_e2e_test vendor_data_file:dir { create_file_perms create_dir_perms };
+
+# gtest checks access() on /data/local/tmp. However, vendor processes are
+# neverallow'ed /data access outside of /data/vendor.
+dontaudit vsoc_guest_region_e2e_test self:capability dac_override; |
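Review bot: The added `dontaudit vsoc_guest_region_e2e_test self:capability dac_override;` silences every dac_override denial in this domain, not only the gtest access() probe of /data/local/tmp that the comment describes. A later DAC ownership or mode mismatch on the vendor_data_file paths this domain is allowed to create would then fail with no avc line to diagnose it from. The comment should record that scope, for example `# NOTE: hides all dac_override denials for this domain; drop this rule when debugging file-permission failures.` The capability itself remains denied, so access is not widened; the cost is audit visibility only.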