authorDerfElot <frederic.koch@gmail.com>2017-04-04 00:56:46 +0200
committerDerfElot <frederic.koch@gmail.com>2017-04-05 08:45:31 +0200
commit9f18aa0362bc43ee7e2dc66d5bce6abc5685c617 (patch)
treea320193a52daa252fad97865b05cf79a77683050
parent7da4b4ffcdc81be6029507bc5094fccebbc30141 (diff)
shinano-common: fix more selinux denials
from logcat: 04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:7): avc: denied { unlink } for name="log" dev="mmcblk0p24" ino=6403 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:8): avc: denied { unlink } for name=".version" dev="mmcblk0p24" ino=6404 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:9): avc: denied { unlink } for name="recovery.fstab" dev="mmcblk0p24" ino=6405 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:10): avc: denied { unlink } for name="storage.fstab" dev="mmcblk0p24" ino=6406 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:11): avc: denied { unlink } for name="intent" dev="mmcblk0p24" ino=6408 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0 04-03 21:05:50.971 E/SELinux (317): avc: denied { find } for service=account pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:account_service:s0 tclass=service_manager permissive=1 04-03 21:05:50.973 E/SELinux (317): avc: denied { find } for service=user pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1 04-03 21:05:50.973 E/SELinux (317): avc: denied { find } for service=package pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:package_service:s0 tclass=service_manager permissive=1 Change-Id: If600b150dd004a5f7fb5336b1ab6b76e2a6ec5b3
-rw-r--r--sepolicy/sudaemon.te3
-rw-r--r--sepolicy/system_server.te2
2 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/sudaemon.te b/sepolicy/sudaemon.te
new file mode 100644
index 0000000..2d6c82d
--- /dev/null
+++ b/sepolicy/sudaemon.te
@@ -0,0 +1,3 @@
+allow sudaemon account_service:service_manager find;
+allow sudaemon package_service:service_manager find;
+allow sudaemon user_service:service_manager find;
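Review bot: The three `find` grants in the new sudaemon.te have no comment saying why the daemon needs them, and the denials quoted in the commit message were logged with `permissive=1`, so the access was not blocked when they were recorded. The same log lines show the process running as uid=0, which means these rules decide which system services a root daemon may look up once the domain is enforced. Add a header comment along the lines of `# sudaemon looks up account/package/user services for <reason>; denials were seen while permissive`, and drop any of the three that no sudaemon code path actually uses.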
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index d499f98..f3fd273 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,3 +1,5 @@
allow system_server sysfs_vibrator:file rw_file_perms;
r_dir_file(system_server, sysfs_addrsetup)
+
+allow system_server unlabeled:file unlink;
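Review bot: `allow system_server unlabeled:file unlink;` lets system_server delete any unlabeled file it can reach, not only the five entries (`log`, `.version`, `recovery.fstab`, `storage.fstab`, `intent`) on mmcblk0p24 that the logcat in the commit message lists. Those denials point to files on that partition that never received a security context, so the narrower fix is to label them: add a `file_contexts` entry for their directory and restorecon the mount point at boot, so that the policy for the resulting type applies instead. If the rule has to stay for now, put a comment above it such as `# files on mmcblk0p24 are unlabeled (see commit message); TODO: relabel and remove`.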