author | Mekala Natarajan <mekalan@codeaurora.org> | 2014-11-13 21:40:05 -0800 |
---|---|---|
committer | Iliyan Malchev <malchev@google.com> | 2014-11-17 20:42:23 -0800 |
commit | f4dfed6193299357358b3b1f3f77a604cffea670 (patch) | |
tree | 9ce4ddf4a33bb3b2f0886b2402b8e98c3e52c121 /BoardConfig.mk | |
parent | fc8976a3a74d35f93652468f1cb1dbbb6fb4c990 (diff) | |
download | shamu-f4dfed6193299357358b3b1f3f77a604cffea670.tar.gz |
sepolicy: Add sepolicy for ims daemons.
SEPolicy for the following IMSdatadaemon warnings:
I/imsdatadaemon( 409): type=1400 audit(0.0:12): avc: denied {read } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=socket permissive=1
I/imsqmidaemon( 379): type=1400 audit(0.0:13): avc: denied {create } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=socket permissive=1
I/imsqmidaemon( 379): type=1400 audit(0.0:14): avc: denied {ioctl } for path="socket:[16424]" dev="sockfs" ino=16424 scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=socket permissive=1
I/imsqmidaemon( 379): type=1400 audit(0.0:15): avc: denied {write } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=socket permissive=1
I/imsqmidaemon( 1831): type=1400 audit(0.0:16): avc: denied {read } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=socket permissive=1
I/imsdatadaemon( 409): type=1400 audit(0.0:17): avc: denied {create } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=netlink_socket permissive=1
I/imsdatadaemon( 409): type=1400 audit(0.0:18): avc: denied {bind } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=netlink_socket permissive=1
I/imsdatadaemon( 1941): type=1400 audit(0.0:19): avc: denied {write } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=netlink_socket permissive=1
I/imsdatadaemon( 1941): type=1400 audit(0.0:20): avc: denied {net_admin } for capability=12 scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=capability permissive=1
I/imsdatadaemon( 1939): type=1400 audit(0.0:21): avc: denied {read } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=netlink_socket permissive=1
I/imsdatadaemon( 1939): type=1400 audit(0.0:22): avc: denied {read } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=netlink_socket permissive=1
I/imsdatadaemon( 2371): type=1400 audit(0.0:23): avc: denied { execute } for name="sh" dev="dm-0" ino=319 scontext=u:r:ims:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
I/imsdatadaemon( 2371): type=1400 audit(0.0:24): avc: denied { read open } for path="/system/bin/sh" dev="dm-0" ino=319 scontext=u:r:ims:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
I/imsdatadaemon( 2371): type=1400 audit(0.0:25): avc: denied { execute_no_trans } for path="/system/bin/sh" dev="dm-0" ino=319 scontext=u:r:ims:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
I/sh ( 2371): type=1400 audit(0.0:26): avc: denied { execute_no_trans } for path="/system/bin/ndc" dev="dm-0" ino=249 scontext=u:r:ims:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
I/ndc ( 2371): type=1400 audit(0.0:27): avc: denied { write } for name="netd" dev="tmpfs" ino=11550 scontext=u:r:ims:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=1
I/imsdatadaemon( 2371): type=1400 audit(0.0:24): avc: denied {read open } for path="/system/bin/sh" dev="dm-0" ino=319 scontext=u:r:ims:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
I/imsdatadaemon( 2371): type=1400 audit(0.0:25): avc: denied {execute_no_trans} for path="/system/bin/sh" dev="dm-0" ino=319 scontext=u:r:ims:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=1
I/sh ( 2371): type=1400 audit(0.0:26): avc: denied { execute_no_trans } for path="/system/bin/ndc" dev="dm-0" ino=249 scontext=u:r:ims:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
I/ndc ( 2371): type=1400 audit(0.0:27): avc: denied {write } for name="netd" dev="tmpfs" ino=11550 scontext=u:r:ims:s0 tcontext=u:object_r:netd_socket:s0 tclass=sock_file permissive=1
I/imsqmidaemon( 379): type=1400 audit(0.0:28): avc: denied {write}for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=socket permissive=1
I/imsqmidaemon( 1831): type=1400 audit(0.0:29): avc: denied {read } for scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=socket permissive=1
avc: denied { set } for property=sys.ims.QMI_DAEMON_STATUS scontext=u:r:ims:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service
W/imsdatadaemon( 4451): type=1400 audit(0.0:6): avc: denied {write } for name="property_service" dev="tmpfs" ino=10346 scontext=u:r:ims:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/imsdatadaemon( 2433): type=1400 audit(0.0:6): avc: denied {connectto} for path="/dev/socket/property_service" scontext=u:r:ims:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=0
Bug: 18279330
Change-Id: Ia4a18384161291b7014f195366f288afc9ddec1c
Diffstat (limited to 'BoardConfig.mk')
-rw-r--r-- | BoardConfig.mk | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index f84efd6e..818f6ccb 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -123,6 +123,7 @@ BOARD_SEPOLICY_UNION += \ domain.te \ file.te \ gsiffd.te \ + ims.te \ irsc_util.te \ mdm_helper.te \ mediaserver.te \ @@ -130,6 +131,8 @@ BOARD_SEPOLICY_UNION += \ netd.te \ netmgrd.te \ platform_app.te \ + property.te \ + property_contexts \ qmux.te \ radio.te \ rild.te \ |
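Review bot: the `+ ims.te \` entry in the first hunk pulls in a policy file that this BoardConfig.mk-only view does not show, and the denials quoted in the commit message go well beyond socket access: `execute` and `execute_no_trans` on `/system/bin/sh` and `/system/bin/ndc`, `write` on `netd_socket`, and the `net_admin` capability. If ims.te allows each of these as logged, the ims domain can run a shell and drive netd, so please confirm the file grants only what the daemons need and consider whether the `sh` to `ndc` path can be replaced by a narrower interface. Most of the quoted logs show permissive=1 and the last two show permissive=0; the commit message should say whether the ims domain is expected to be enforcing after this change.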
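Review bot: the second hunk adds `property.te` and `property_contexts`, yet the only property denial in the commit message is `set` on `sys.ims.QMI_DAEMON_STATUS` with target type `system_prop`. Please confirm that property_contexts maps that property to a dedicated type declared in property.te and that ims may set only that type, rather than being granted `set` on `system_prop` as a whole. The commit subject mentions only the ims daemons; a line in the message naming the new property label would help reviewers, because property_contexts applies to every domain in the board policy and the diffstat here is limited to BoardConfig.mk.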