rfs_access: fix avc errors

avc: denied { dac_read_search } for comm="tftp_server" capability=2 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0 avc: denied { dac_override } for comm="tftp_server" capability=1 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0 Bug: 189167816 Change-Id: I738bb1c1699dd6d2e075fb0f822129d65328eb5a
author: SalmaxChang <salmaxchang@google.com> 2021-06-18 21:25:21 +0800
committer: SalmaxChang <salmaxchang@google.com> 2021-06-18 21:25:21 +0800
commit: a6a1859de96577cbb89ca01bbfc8f61261b60125 (patch)
tree: 9e810e1286892e4f97f4ed0d0b955e10e877046e
parent: b87213bb0152032c1e28911c9bdcae230175a0f5 (diff)
download: sunfish-sepolicy-a6a1859de96577cbb89ca01bbfc8f61261b60125.tar.gz
2 files changed, 2 insertions, 3 deletions
diff --git a/tracking_denials/rfs_access.te b/tracking_denials/rfs_access.te
deleted file mode 100644
index 628fa4d..0000000
--- a/tracking_denials/rfs_access.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/189167816
-dontaudit rfs_access rfs_access:capability dac_read_search;
-dontaudit rfs_access rfs_access:capability dac_override;
diff --git a/vendor/qcom/common/rfs_access.te b/vendor/qcom/common/rfs_access.te
index 97d138d..14cb6a7 100644
--- a/vendor/qcom/common/rfs_access.te
+++ b/vendor/qcom/common/rfs_access.te
@@ -17,3 +17,5 @@ allow rfs_access rfs_tombstone_data_file:file create_file_perms;
 allow rfs_access self:qipcrtr_socket create_socket_perms_no_ioctl;
 
 wakelock_use(rfs_access)
+
+dontaudit rfs_access self:capability { dac_override dac_read_search };
author	SalmaxChang <salmaxchang@google.com>	2021-06-18 21:25:21 +0800
committer	SalmaxChang <salmaxchang@google.com>	2021-06-18 21:25:21 +0800
commit	a6a1859de96577cbb89ca01bbfc8f61261b60125 (patch)
tree	9e810e1286892e4f97f4ed0d0b955e10e877046e
parent	b87213bb0152032c1e28911c9bdcae230175a0f5 (diff)
download	sunfish-sepolicy-a6a1859de96577cbb89ca01bbfc8f61261b60125.tar.gz