diff options
author | SalmaxChang <salmaxchang@google.com> | 2021-06-18 21:25:21 +0800 |
---|---|---|
committer | SalmaxChang <salmaxchang@google.com> | 2021-06-18 21:25:21 +0800 |
commit | a6a1859de96577cbb89ca01bbfc8f61261b60125 (patch) | |
tree | 9e810e1286892e4f97f4ed0d0b955e10e877046e | |
parent | b87213bb0152032c1e28911c9bdcae230175a0f5 (diff) | |
download | sunfish-sepolicy-a6a1859de96577cbb89ca01bbfc8f61261b60125.tar.gz |
rfs_access: fix avc errors
avc: denied { dac_read_search } for comm="tftp_server" capability=2 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0
avc: denied { dac_override } for comm="tftp_server" capability=1 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0
Bug: 189167816
Change-Id: I738bb1c1699dd6d2e075fb0f822129d65328eb5a
-rw-r--r-- | tracking_denials/rfs_access.te | 3 | ||||
-rw-r--r-- | vendor/qcom/common/rfs_access.te | 2 |
2 files changed, 2 insertions, 3 deletions
diff --git a/tracking_denials/rfs_access.te b/tracking_denials/rfs_access.te deleted file mode 100644 index 628fa4d..0000000 --- a/tracking_denials/rfs_access.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/189167816 -dontaudit rfs_access rfs_access:capability dac_read_search; -dontaudit rfs_access rfs_access:capability dac_override; diff --git a/vendor/qcom/common/rfs_access.te b/vendor/qcom/common/rfs_access.te index 97d138d..14cb6a7 100644 --- a/vendor/qcom/common/rfs_access.te +++ b/vendor/qcom/common/rfs_access.te @@ -17,3 +17,5 @@ allow rfs_access rfs_tombstone_data_file:file create_file_perms; allow rfs_access self:qipcrtr_socket create_socket_perms_no_ioctl; wakelock_use(rfs_access) + +dontaudit rfs_access self:capability { dac_override dac_read_search }; |