diff options
| author | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-03-11 00:12:34 +0100 |
|---|---|---|
| committer | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-03-11 00:43:43 +0100 |
| commit | 858ee59a8df8fe7172f186507490cac02549338b (patch) | |
| tree | cd631d5bda2cc691f72cc3be7d70f39dd3b93847 | |
| parent | f20b5809608b9d1125b6c7fad6616b54ad6108a0 (diff) | |
msm8996-common: Fix hal_bluetooth_default SELinux denials:
* avc: denied { write } for pid=484 comm=bluetooth@1.0-s name=bluedroid dev=sda10 ino=3465222 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0
Fix ims SELinux denials:
* avc: denied { set } for property=ctl.imsrcsd pid=715 uid=1000 gid=1000 scontext=u:r:ims:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service permissive=0
Fix vold SELinux denials:
* avc: denied { open } for path="/data/system_de/0/spblob/01e7bcfa0f8c0631.secdis" dev="sda10" ino=3031052 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
Fix system_app SELinux denials:
* avc: denied { call } for pid=6251 comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:wificond:s0 tclass=binder permissive=0
* avc: denied { find } for service=installd pid=6251 uid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:installd_service:s0 tclass=service_manager permissive=0
| -rw-r--r-- | sepolicy/hal_bluetooth_default.te | 2 | ||||
| -rw-r--r-- | sepolicy/ims.te | 1 | ||||
| -rw-r--r-- | sepolicy/system_app.te | 1 | ||||
| -rw-r--r-- | sepolicy/vold.te | 1 |
4 files changed, 4 insertions, 1 deletions
diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te index d7266e1..fbe2fb9 100644 --- a/sepolicy/hal_bluetooth_default.te +++ b/sepolicy/hal_bluetooth_default.te @@ -1,3 +1,3 @@ -allow hal_bluetooth_default bluetooth_data_file:dir search; +allow hal_bluetooth_default bluetooth_data_file:dir { search write }; allow hal_bluetooth_default bluetooth_data_file:file { append getattr open read write }; allow hal_bluetooth_default wcnss_filter:unix_stream_socket { connectto }; diff --git a/sepolicy/ims.te b/sepolicy/ims.te index d9d0cb0..00ed504 100644 --- a/sepolicy/ims.te +++ b/sepolicy/ims.te @@ -1 +1,2 @@ allow ims ims:capability net_raw; +allow ims ctl_default_prop:property_service set; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 44c918c..7de707d 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -1,2 +1,3 @@ allow system_app sysfs_fpc_proximity:file rw_file_perms; allow system_app time_daemon:unix_stream_socket connectto; +allow system_app wificond:binder call; diff --git a/sepolicy/vold.te b/sepolicy/vold.te index d2533cb..ef3c943 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -1 +1,2 @@ allow vold persist_file:dir { ioctl open read }; +allow vold system_data_file:file { open }; |