From ed9e08dd8fa82253b865b364879b38698a653823 Mon Sep 17 00:00:00 2001 From: Hongbo Zeng Date: Mon, 31 Aug 2020 16:00:07 +0800 Subject: fix denials for wifi_hal_prop in cnd domain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: 162700455 Bug: 169204118 (stage-aosp-... and sunfish) Test: apply this patch and the original denials are gone Original denials: 08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:20): avc: denied { read } for name="u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455 08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:21): avc: denied { open } for path="/dev/__properties__/u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455 08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:22): avc: denied { getattr } for path="/dev/__properties__/u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455 08-31 15:18:17.135 17812 17812 I cnd : type=1400 audit(0.0:23): avc: denied { map } for path="/dev/__properties__/u:object_r:wifi_hal_prop:s0" dev="tmpfs" ino=27661 scontext=u:r:cnd:s0 tcontext=u:object_r:wifi_hal_prop:s0 tclass=file permissive=1 b/162700455 Exempt-From-Owner-Approval:‌ ‌cherry-pick Change-Id: Idabcde86600993f41b7fa82a95c12b93a816619d (cherry picked from commit ec5e567245697e0dd5c253b4d4c5d4abe5439ded) Merged-In: Idabcde86600993f41b7fa82a95c12b93a816619d --- vendor/qcom/common/cnd.te | 2 ++ 1 file changed, 2 insertions(+) (limited to 'vendor/qcom/common') diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te index 333ac60..473de1b 100644 --- a/vendor/qcom/common/cnd.te +++ b/vendor/qcom/common/cnd.te @@ -42,3 +42,5 @@ allow cnd self:{ netlink_generic_socket qipcrtr_socket } create_socket_perms_no_ioctl; + +dontaudit cnd wifi_hal_prop:file r_file_perms; -- cgit v1.2.3