donjohanliebert/device_xiaomi_sm6150-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sm6150-common: sepolicy: Modify sepolicy for toolbox to rm -rf /data/per_boot

Browse Source 
type=1400 audit(1581489923.612:571): avc: denied { getattr } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:572): avc: denied { read } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:573): avc: denied { open } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:574): avc: denied { getattr } for comm="rm" path="/data/per_boot/ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.616:575): avc: denied { write } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:576): avc: denied { remove_name } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.619:577): avc: denied { unlink } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.656:578): avc: denied { rmdir } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I22706c63fb13ea2aae0cd9fe8b92edc578fd459e
Signed-off-by: Mimi Wu <mimiwu@google.com>
This commit is contained in:
Mimi Wu 2020-02-12 18:09:41 +08:00 committed by Arian
parent 73025604d6
commit 479a60f41c
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sepolicy/vendor/toolbox.te vendored Normal file
View File

@ -0,0 +1,2 @@
allow toolbox per_boot_file:dir create_dir_perms;
allow toolbox per_boot_file:file create_file_perms;