summaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
authorSteven Lay <arbiter1000@gmail.com>2017-07-20 09:05:34 +0000
committerSteven Lay <arbiter1000@gmail.com>2017-07-21 02:54:51 +0000
commit768059d27a85eb9be40b6c9570193d9a9cb8ba72 (patch)
tree0e8b69437cbb6d0182fde1a9f7bbc3c887c9e88f /sepolicy
parent370c2bcd6bb97083881ed7da13f9958b88d7411c (diff)
shinano-common: fix selinux denial in credmgrd
Fixes the denial: avc: denied { append } for pid=327 comm="credmgrfirstboo" name= "credmgr.log" dev="mmcblk0p24" ino=12 scontext=u:r:credmgrd:s0 tcontext=u:object_r:cache_file:s0 tclass=file permissive=0 Also fixes issue with camera not working on first boot on aries. Change-Id: I726ff6a30745929f01f62d8504e0e0621e414ad7
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/credmgrd.te2
1 files changed, 1 insertions, 1 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index 5383834..78db47a 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -59,7 +59,7 @@ allow credmgrd ion_device:chr_file { ioctl open read };
#============= credmgr init script ==============
allow credmgrd cache_file:dir { add_name search };
-allow credmgrd cache_file:file { create getattr open read unlink write };
+allow credmgrd cache_file:file { append create getattr open read unlink write };
allow credmgrd credmgrd_data_file:dir { add_name getattr relabelto reparent rename rmdir search };
allow credmgrd credmgrd_data_file:file { append getattr open read unlink write };
allow credmgrd credmgrd_prop:property_service set;