author | Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> | 2014-10-28 11:30:03 -0600 |
---|---|---|
committer | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-10-30 11:01:45 -0700 |
commit | 9d9c0b5e42580ee3d12c218d0fc114fbef2ddb20 (patch) | |
tree | c4bdfc9b42a8bc4894e606aa0475c35e729e984e /Android.mk | |
parent | 136e6638acac2caf08ee2850f0f1b1d97941a823 (diff) | |
download | android_device_qcom_sepolicy-9d9c0b5e42580ee3d12c218d0fc114fbef2ddb20.tar.gz android_device_qcom_sepolicy-9d9c0b5e42580ee3d12c218d0fc114fbef2ddb20.tar.bz2 android_device_qcom_sepolicy-9d9c0b5e42580ee3d12c218d0fc114fbef2ddb20.zip |
port-bridge: Fix denials seen on startup.

Move port-bridge to confined domain and add policies for denials seen
on startup

Allow operations on sockets
[ 21.705807] type=1400 audit(1637.259:22): avc: denied { create } for
pid=993 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext=
u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
[ 21.707349] type=1400 audit(1637.259:23): avc: denied { bind } for
pid=993 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext=
u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1
[ 26.487757] type=1400 audit(1642.049:33): avc: denied { read } for
pid=1681 comm="port-bridge" scontext=u:r:port-bridge:s0 tcontext=
u:r:port-bridge:s0 tclass=netlink_kobject_uevent_socket permissive=1

Allow capabilities
[ 26.487857] type=1400 audit(1642.049:34): avc: denied { dac_override }
for pid=1679 comm="port-bridge" capability=1 scontext=u:r:port-bridge:s0
tcontext=u:r:port-bridge:s0 tclass=capability permissive=1

Allow operations on mhi transport
[ 26.488010] type=1400 audit(1642.049:35): avc: denied { read write }
for pid=1679 comm="port-bridge" name="mhi_pipe_32" dev="tmpfs" ino=12840
scontext=u:r:port-bridge:s0 tcontext=u:object_r:mhi_device:s0
tclass=chr_file permissive=1
[ 26.488093] type=1400 audit(1642.049:36): avc: denied { open } for
pid=1679 comm="port-bridge" path="/dev/mhi_pipe_32" dev="tmpfs" ino=12840
scontext=u:r:port-bridge:s0 tcontext=u:object_r:mhi_device:s0
tclass=chr_file permissive=1

Allow operations on gadget serial device
[ 26.488203] type=1400 audit(1642.049:37): avc: denied { read write }
for pid=1679 comm="port-bridge" name="ttyGS0" dev="tmpfs" ino=10594
scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file
permissive=1
[ 26.488267] type=1400 audit(1642.049:38): avc: denied { open } for
pid=1679 comm="port-bridge" path="/dev/ttyGS0" dev="tmpfs" ino=10594
scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file
permissive=1
[ 26.488333] type=1400 audit(1642.049:39): avc: denied { ioctl } for
pid=1679 comm="port-bridge" path="/dev/ttyGS0" dev="tmpfs" ino=10594
scontext=u:r:port-bridge:s0 tcontext=u:object_r:device:s0 tclass=chr_file
permissive=1

Change-Id: I7744f75943ebbd4e88193e7d34c9bbd1bf3e4478
Diffstat (limited to 'Android.mk')
-rw-r--r-- | Android.mk | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -28,6 +28,7 @@ BOARD_SEPOLICY_UNION := \ msm_irqbalanced.te \ qmuxd.te \ netmgrd.te \ + port-bridge.te \ atfwd.te \ radio.te \ smd_test.te \ |
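
Review bot: The added `port-bridge.te \` entry pulls in a policy file whose rules are not visible in this Android.mk-only view, so the denials quoted in the commit message are the only guide to what it grants, and two of them call for something narrower than a direct allow. The `/dev/ttyGS0` denials carry `tcontext=u:object_r:device:s0`, the generic device label; instead of allowing `chr_file` access on `device`, give the gadget serial node its own type in file_contexts and allow only that type. The `dac_override` denial is usually better resolved by fixing the ownership or mode of the file being opened than by granting the capability. Because every logged denial shows `permissive=1`, please also confirm that port-bridge.te does not leave the domain permissive, since the commit message describes it as a confined domain.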