diff options
author | Ecco Park <eccopark@google.com> | 2017-03-22 13:52:57 -0700 |
---|---|---|
committer | Ecco Park <eccopark@google.com> | 2017-03-22 13:55:17 -0700 |
commit | 485c7e800f14c4070e8aef8efebdf3ecb0d5a4fa (patch) | |
tree | 2b97f2487a386657f6f7c650a6b020d526b7ffe1 /sepolicy/cnss_diag.te | |
parent | 32a67ecc34db78bfe99dc42ac2126081170b1aef (diff) | |
download | marlin-485c7e800f14c4070e8aef8efebdf3ecb0d5a4fa.tar.gz |
selinux: fix selinux denial message for cnss_diag
That log happens after changing the user/group to system
when running qxdm logger
Bug: 35326998
avc: denied { read } for pid=9979 comm="cnss_diag" name="timestamp_switch"
dev="sysfs" ino=24484
scontext=u:r:cnss_diag:s0 tcontext=u:object_r:sysfs:s0 tclass=file
permissive=0
igned-off-by: Ecco Park <eccopark@google.com>
Change-Id: If4aae7005333af4c5051033839b34673a9f00a6b
Diffstat (limited to 'sepolicy/cnss_diag.te')
-rw-r--r-- | sepolicy/cnss_diag.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/cnss_diag.te b/sepolicy/cnss_diag.te index 089013df..61fb9e78 100644 --- a/sepolicy/cnss_diag.te +++ b/sepolicy/cnss_diag.te @@ -7,6 +7,7 @@ init_daemon_domain(cnss_diag) allow cnss_diag self:capability { setgid setuid }; allow cnss_diag self:netlink_socket create_socket_perms_no_ioctl; +allow cnss_diag sysfs:file r_file_perms; # b/35877764 suppress the udp_socket denial message temproarily dontaudit cnss_diag self:udp_socket create; |