diff options
| author | Jeff Vander Stoep <jeffv@google.com> | 2015-07-28 15:50:13 -0700 |
|---|---|---|
| committer | Jeff Vander Stoep <jeffv@google.com> | 2015-07-28 16:38:57 -0700 |
| commit | 0dfebcc338e789473692a1e85042c9877c926abd (patch) | |
| tree | 43f2046576f3fc54b21b493ec7aeb6d854c81644 /init.bullhead.fp.rc | |
| parent | 447f98b80ae1df0d5176c809f0a42d0699e87795 (diff) | |
| download | bullhead-0dfebcc338e789473692a1e85042c9877c926abd.tar.gz | |
selinux: label fingerprint data files
/data/fpc and /data/fpc_tpl should have the fingerprintd_data_file label
Have init create /data/fpc to avoid giving tee dir write permissions
to system_data_file.
avc: denied { write } for pid=406 comm="qseecomd" name="/" dev="dm-2" ino=2 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=406 comm="qseecomd" name="fpc" scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
avc: denied { create } for pid=406 comm="qseecomd" name="fpc" scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
avc: denied { create } for pid=406 comm="qseecomd" name="global.db" scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
avc: denied { write open } for pid=406 comm="qseecomd" path="/data/fpc/global.db" dev="dm-2" ino=662258 scontext=u:r:tee:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
Bug: 22416042
Change-Id: I3a8d40f10998fd60eb779ebdbb4a9d5a11274341
Diffstat (limited to 'init.bullhead.fp.rc')
| -rw-r--r-- | init.bullhead.fp.rc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/init.bullhead.fp.rc b/init.bullhead.fp.rc index ae0f750..533605c 100644 --- a/init.bullhead.fp.rc +++ b/init.bullhead.fp.rc @@ -20,3 +20,4 @@ on boot on post-fs-data mkdir /data/fpc_tpl 770 system system + mkdir /data/fpc 0660 system system |