author | DerfElot <frederic.koch@gmail.com> | 2017-04-04 00:56:46 +0200 |
---|---|---|
committer | DerfElot <frederic.koch@gmail.com> | 2017-04-05 08:45:31 +0200 |
commit | 9f18aa0362bc43ee7e2dc66d5bce6abc5685c617 (patch) | |
tree | a320193a52daa252fad97865b05cf79a77683050 /sepolicy | |
parent | 7da4b4ffcdc81be6029507bc5094fccebbc30141 (diff) |
shinano-common: fix more selinux denials
from logcat:
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:7): avc: denied { unlink } for name="log" dev="mmcblk0p24" ino=6403 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:8): avc: denied { unlink } for name=".version" dev="mmcblk0p24" ino=6404 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:9): avc: denied { unlink } for name="recovery.fstab" dev="mmcblk0p24" ino=6405 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:10): avc: denied { unlink } for name="storage.fstab" dev="mmcblk0p24" ino=6406 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 22:02:59.074 W/Thread-8(4352): type=1400 audit(0.0:11): avc: denied { unlink } for name="intent" dev="mmcblk0p24" ino=6408 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
04-03 21:05:50.971 E/SELinux (317): avc: denied { find } for service=account pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:account_service:s0 tclass=service_manager permissive=1
04-03 21:05:50.973 E/SELinux (317): avc: denied { find } for service=user pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:user_service:s0 tclass=service_manager permissive=1
04-03 21:05:50.973 E/SELinux (317): avc: denied { find } for service=package pid=7644 uid=0 scontext=u:r:sudaemon:s0 tcontext=u:object_r:package_service:s0 tclass=service_manager permissive=1
Change-Id: If600b150dd004a5f7fb5336b1ab6b76e2a6ec5b3
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/sudaemon.te | 3 | ||||
-rw-r--r-- | sepolicy/system_server.te | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/sudaemon.te b/sepolicy/sudaemon.te
new file mode 100644
index 0000000..2d6c82d
--- /dev/null
+++ b/sepolicy/sudaemon.te
@@ -0,0 +1,3 @@
+allow sudaemon account_service:service_manager find;
+allow sudaemon package_service:service_manager find;
+allow sudaemon user_service:service_manager find;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index d499f98..f3fd273 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,3 +1,5 @@
 allow system_server sysfs_vibrator:file rw_file_perms;
 r_dir_file(system_server, sysfs_addrsetup)
+
+allow system_server unlabeled:file unlink; |
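Review bot: The three `find` rules in the new sepolicy/sudaemon.te are added unconditionally, although the sudaemon denials quoted in the commit message were logged with permissive=1 and uid=0, so nothing was being blocked. As written, the rules widen what a root-running daemon may look up from the service manager on every build type. If the sudaemon domain is only meant to exist on debug builds (its type declaration is not visible in this diff), wrapping the rules in the `userdebug_or_eng` macro would keep them out of user builds. A header comment such as `# su daemon looks up the account, package and user services; see the avc denials in the commit log` would record why the file exists.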
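Review bot: `allow system_server unlabeled:file unlink;` in sepolicy/system_server.te grants the permission on the `unlabeled` type, which matches any file whose label is missing or invalid, not only the five files on mmcblk0p24 named in the logcat excerpt. The narrower fix is to give those files a proper label, with a file_contexts entry and a restorecon of the directory that holds them, so that system_server reaches them through a specific type and this rule is not needed. If the rule stays, a comment like `# stale unlabeled files on mmcblk0p24 (see commit log); drop once the partition is relabeled` would make it easy to remove later.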