author | Nilesh Poddar <npoddar@codeaurora.org> | 2015-01-21 16:13:29 -0800 |
---|---|---|
committer | Etan Cohen <etancohen@google.com> | 2015-02-18 14:22:49 -0800 |
commit | fa0f61e5ce0a1827bd279f1e46a384a54f397795 (patch) | |
tree | 52f3932d691cac11d0b8ad555d5fdbcb3a4b633f /sepolicy/file_contexts | |
parent | 2214fb9403093f4a2cfc47ffe6da5514d8645a1c (diff) | |
download | shamu-fa0f61e5ce0a1827bd279f1e46a384a54f397795.tar.gz |
Add sepolicy rules for cne and netmgr daemons
type=1400 audit(0.0:92): avc: denied { write } for name="cnd" dev="tmpfs" ino=10477 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421897629.744:92): avc: denied { write } for pid=1443 comm="CNEReceiver" name="cnd" dev="tmpfs" ino=10477 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421899275.556:4): avc: denied { setuid } for pid=380 comm="cnd" capability=7 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
type=1400 audit(1421899275.556:5): avc: denied { setgid } for pid=380 comm="cnd" capability=6 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
type=1400 audit(1421899313.314:158): avc: denied { net_raw } for pid=380 comm="cnd" capability=13 scontext=u:r:cnd:s0 tcontext=u:r:cnd:s0 tclass=capability permissive=1
type=1400 audit(1421900557.215:101): avc: denied { write } for pid=1488 comm="CNEReceiver" name="cnd" dev="tmpfs" ino=9790 scontext=u:r:system_app:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421900557.215:102): avc: denied { connectto } for pid=1488 comm="CNEReceiver" path="/dev/socket/cnd" scontext=u:r:system_app:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket permissive=1
type=1400 audit(1421897628.604:91): avc: denied { write } for pid=1120 comm="netmgrd" name="cnd" dev="tmpfs" ino=10477 scontext=u:r:netmgrd:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file permissive=1
type=1400 audit(1421899287.166:142): avc: denied { connectto } for pid=1387 comm="netmgrd" path="/dev/socket/cnd" scontext=u:r:netmgrd:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket permissive=1
type=1400 audit(1421897649.566:95): avc: denied { read } for pid=2479 comm="ip" name="rt_tables" dev="dm-0" ino=1126114 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file permissive=1
type=1400 audit(1421897649.566:96): avc: denied { open } for pid=2479 comm="ip" path="/data/misc/net/rt_tables" dev="dm-0" ino=1126114 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file permissive=1
type=1400 audit(1421897649.566:97): avc: denied { getattr } for pid=2479 comm="ip" path="/data/misc/net/rt_tables" dev="dm-0" ino=1126114 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file permissive=1
avc: denied { set } for property=net.r_rmnet_data0.dns1 scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service
type=1400 audit(1421897727.456:102): avc: denied { nlmsg_write } for pid=2670 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket permissive=1
type=1400 audit(1421897749.966:106): avc: denied { nlmsg_read } for pid=2841 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket permissive=1
Change-Id: I03ef32f0aec23eaab011309983a0fad551a65a1a
Diffstat (limited to 'sepolicy/file_contexts')
-rw-r--r-- | sepolicy/file_contexts | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 97f42445..aa1195f8 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -157,3 +157,6 @@
 /system/bin/imsdatadaemon u:object_r:ims_exec:s0
 /system/bin/imsqmidaemon u:object_r:ims_exec:s0
+
+/dev/socket/cnd u:object_r:cnd_socket:s0
+/system/bin/cnd u:object_r:cnd_exec:s0 |
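Review bot: The two new entries have no comment saying what `cnd` is or that `/dev/socket/cnd` is a socket other domains connect to; a heading such as `# CNE daemon (cnd): control socket and executable` above the `/dev/socket/cnd` line would document that for the next policy reviewer. These labels only take effect together with the `cnd_socket` and `cnd_exec` type declarations and the allow rules, which sit outside this view limited to `sepolicy/file_contexts`. Every denial quoted in the commit message was logged with `permissive=1`, and `cnd` itself asks for `setuid`, `setgid` and `net_raw`. It is therefore worth confirming in the accompanying `.te` changes that `write`/`connectto` on the socket is granted only to the domains seen in the log (`system_app`, `netmgrd`), and that each of those capabilities is required rather than copied straight from the audit output.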