author | Nick Kralevich <nnk@google.com> | 2014-09-30 16:36:12 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-09-30 17:04:52 -0700 |
commit | 44212f049d4ac5807b10271953259cb2256146c4 (patch) | |
tree | d2b74fc9e15ee78193f3f61271aaf0868d7ac5e9 /init.shamu.rc | |
parent | 509f0465985aa2217162b92f2ab598c35219923c (diff) | |
download | shamu-44212f049d4ac5807b10271953259cb2256146c4.tar.gz |
fix rild/capsense SELinux denials.
1) Due to bug 17682157, "\." isn't always acceptable in
sepolicy/file_contexts. Avoid escaping the regex to work
around the bug. The underlying bug is fixed in a future release.
This was preventing /sys/devices/cycapsense_prog.1/cycapsense_fw
from being properly labeled.
2) rild attempts to create /data/misc/audio_cutback/ for
communication between rild and mediaserver. Have init create
the directory on behalf of rild to avoid excessive permission
grants on /data/misc. Allow rild access to that directory.
3) Allow mediaserver access to the socket at
/data/misc/audio_cutback/cutback
4) Allow ril access to /sys/devices/mmi_sar_ctrl*/sar_wifi. This
completes the change started in 0f415ff34909ac3b65ea3f28dbdf2a8dc8670f67
Addresses the following denials:
<12>[ 22.655119] type=1400 audit(2777946.169:5): avc: denied { write } for pid=543 comm="qmi_motext_hook" name="cycapsense_fw" dev="sysfs" ino=13269 scontext=u:r:rild:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
<12>[ 22.965722] type=1400 audit(1412117761.380:5): avc: denied { getattr } for pid=580 comm="qmi_motext_hook" path="/sys/devices/cycapsense_prog.1/cycapsense_fw" dev="sysfs" ino=13269 scontext=u:r:rild:s0 tcontext=u:object_r:sysfs_capsense_update:s0 tclass=file permissive=0
<12>[ 14.147898] type=1400 audit(1412118208.404:3): avc: denied { write } for pid=591 comm="rild" name="misc" dev="dm-0" ino=997473 scontext=u:r:rild:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
<12>[ 14.166523] type=1400 audit(1412118208.404:4): avc: denied { add_name } for pid=591 comm="rild" name="audio_cutback" scontext=u:r:rild:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
<12>[ 14.183771] type=1400 audit(1412118208.404:5): avc: denied { create } for pid=591 comm="rild" name="audio_cutback" scontext=u:r:rild:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
<12>[ 14.201716] type=1400 audit(1412118208.404:6): avc: denied { setattr } for pid=591 comm="rild" name="audio_cutback" dev="dm-0" ino=997520 scontext=u:r:rild:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=1
<12>[ 14.221157] type=1400 audit(1412118208.404:7): avc: denied { create } for pid=591 comm="rild" name="cutback" scontext=u:r:rild:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=1
<12>[ 14.269596] type=1400 audit(1412118208.404:8): avc: denied { setattr } for pid=591 comm="rild" name="cutback" dev="dm-0" ino=997521 scontext=u:r:rild:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=1
<12>[ 30.299898] type=1400 audit(1412118224.554:9): avc: denied { write } for pid=1007 comm="AudioOut_2" name="cutback" dev="dm-0" ino=997521 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=sock_file permissive=1
<12>[ 37.383431] type=1400 audit(1412097736.396:6): avc: denied { write } for pid=2126 comm="rild" name="sar_wifi" dev="sysfs" ino=13249 scontext=u:r:rild:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
Change-Id: I4ee4046fdce174c043a8de18a64b7fcd31892aaf
Diffstat (limited to 'init.shamu.rc')
-rw-r--r-- | init.shamu.rc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/init.shamu.rc b/init.shamu.rc index 4771cc83..b94041d5 100644 --- a/init.shamu.rc +++ b/init.shamu.rc @@ -97,6 +97,9 @@ on post-fs-data mkdir /data/ss-ram-dumps 0750 radio log mkdir /data/ss-ram-dumps/bp-dumps 0750 radio log + # rild files + mkdir /data/misc/audio_cutback 0770 radio audio + on early-boot # set RLIMIT_MEMLOCK to 64MB setrlimit 8 67108864 67108864 |
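Review bot: On the added `mkdir /data/misc/audio_cutback 0770 radio audio` line, the group-write bit lets any process running with group audio create, rename or unlink entries in the directory, while the commit message only describes rild creating the socket and mediaserver writing to it. If mediaserver only connects to `cutback`, mode 0750 would keep search access for group audio without letting it replace the socket; if group write is required, say why in the comment. The comment `# rild files` could also note that the directory is shared with mediaserver. Because this view is limited to init.shamu.rc, check that the accompanying sepolicy change gives the directory its own file_contexts label; otherwise it inherits the system_data_file context of /data/misc seen in the quoted denials, and the rild and mediaserver rules would have to be granted on that broad type.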