diff options
author | Hongbo Zeng <hongbozeng@google.com> | 2020-08-31 16:00:07 +0800 |
---|---|---|
committer | Raman Tenneti <rtenneti@google.com> | 2020-09-24 17:54:54 +0000 |
commit | ed9e08dd8fa82253b865b364879b38698a653823 (patch) | |
tree | 315e1605653eb5c73bd6541ca8dcbaac705b1c91 /vendor | |
parent | 66accd263ff17f8cb93f64acbed1b1e5e8edab6a (diff) | |
download | sunfish-sepolicy-ed9e08dd8fa82253b865b364879b38698a653823.tar.gz |
fix denials for wifi_hal_prop in cnd domain
Bug: 162700455
Bug: 169204118 (stage-aosp-... and sunfish)
Test: apply this patch and the original denials are gone
Original denials:
08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:20): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455
08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:21): avc: denied { open } for path="/dev/__properties__/u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455
08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:22): avc: denied { getattr } for path="/dev/__properties__/u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455
08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:23): avc: denied { map } for path="/dev/__properties__/u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455
Exempt-From-Owner-Approval: cherry-pick
Change-Id: Idabcde86600993f41b7fa82a95c12b93a816619d
(cherry picked from commit ec5e567245697e0dd5c253b4d4c5d4abe5439ded)
Merged-In: Idabcde86600993f41b7fa82a95c12b93a816619d
Diffstat (limited to 'vendor')
-rw-r--r-- | vendor/qcom/common/cnd.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te index 333ac60..473de1b 100644 --- a/vendor/qcom/common/cnd.te +++ b/vendor/qcom/common/cnd.te @@ -42,3 +42,5 @@ allow cnd self:{ netlink_generic_socket qipcrtr_socket } create_socket_perms_no_ioctl; + +dontaudit cnd wifi_hal_prop:file r_file_perms; |