summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Diewald <Diewi@diewald-net.com>2017-11-22 23:30:49 +0100
committerArian <arian.kulmer@web.de>2019-10-07 11:11:29 +0200
commit13fbbb996afd006e770c55d40f92980dc78e9340 (patch)
treec65c9e24a0a87e5ed8db6c3405c1ff8c7f17123f
parent59df7fccadd0370cf09589f5b0a54beb5f91d352 (diff)
shinano: sepolicy: Allow mlog_qmi to access its own socket.
I mlog_qmi_servic: type=1400 audit(0.0:37): avc: denied { create } for scontext=u:r:mlog_qmi:s0 tcontext=u:r:mlog_qmi:s0 tclass=socket permissive=1 Change-Id: Ic659f526a436afd4509dea0a3780aa38f78b4875 Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
-rw-r--r--sepolicy/mlog_qmi.te4
1 files changed, 3 insertions, 1 deletions
diff --git a/sepolicy/mlog_qmi.te b/sepolicy/mlog_qmi.te
index d41a788..e8f84d1 100644
--- a/sepolicy/mlog_qmi.te
+++ b/sepolicy/mlog_qmi.te
@@ -5,7 +5,9 @@ type mlog_qmi_exec, exec_type, file_type;
init_daemon_domain(mlog_qmi)
allow mlog_qmi self:capability { net_raw net_bind_service };
-allow mlog_qmi self:socket create_socket_perms_no_ioctl;
+allow mlog_qmi self:socket create_socket_perms;
+# NOTE: using self:socket for the ioctl results in a denial
+allowxperm mlog_qmi mlog_qmi:socket ioctl mlog_qmi_ioctls;
# Access to /dev/smem_log
allow mlog_qmi smem_log_device:chr_file rw_file_perms;