diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2015-07-27 15:43:41 -0700 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2015-07-27 15:43:41 -0700 |
commit | 00bb065e8a5d4a8bfd27b6d8759fe2780864c2d4 (patch) | |
tree | 59e140aa38d1fa98c121724183ab2bde46f1cb85 /sepolicy/file_contexts | |
parent | eebd18048be6b25c14005d3e25ad38321d27f548 (diff) | |
download | bullhead-00bb065e8a5d4a8bfd27b6d8759fe2780864c2d4.tar.gz |
Selinux: give qmxd logger app access to diag device and logs
label /data/diag_logs
make /data/diag_logs an mlstrustedobject
QXDM logger runs as a platform app, and is now subject to
SELinux multi-user restrictions. Mark /data/diag_logs as being
safe to access from multiple Android users.
Addresses the following denials:
avc: denied { write } for name="rundiag" dev="dm-1" ino=1798722 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:diag_logs:s0 tclass=file permissive=0
avc: denied { setattr } for name="rundiag" dev="dm-1" ino=1798722 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:diag_logs:s0 tclass=file permissive=0
Bug: 21591724
Change-Id: Ib79380b4d27660cf23b1ab241ddd7e54f67247b7
Diffstat (limited to 'sepolicy/file_contexts')
-rw-r--r-- | sepolicy/file_contexts | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index b2a4589..f7b2ead 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -9,6 +9,7 @@ /data/misc/location(/.*)? u:object_r:location_data_file:s0 /data/time(/.*)? u:object_r:time_data_file:s0 /data/ramdump(/.*)? u:object_r:ramdump_data_file:s0 +/data/diag_logs(/.*)? u:object_r:diag_logs:s0 # GPU device /dev/kgsl-3d0 u:object_r:gpu_device:s0 |