diff options
| author | Geremy Condra <gcondra@google.com> | 2013-09-16 14:53:41 -0700 |
|---|---|---|
| committer | Geremy Condra <gcondra@google.com> | 2013-09-17 11:28:47 -0700 |
| commit | 3bb1ccc265bbc6e865506b38ae66721ec1177b55 (patch) | |
| tree | 219fffd16a9acaf16108d5453169b8b5cd4e1121 /netd.te | |
| parent | 13a74a3aea0387ff45f27291a9abca46952b9aa3 (diff) | |
| download | android_external_sepolicy-3bb1ccc265bbc6e865506b38ae66721ec1177b55.tar.gz android_external_sepolicy-3bb1ccc265bbc6e865506b38ae66721ec1177b55.tar.bz2 android_external_sepolicy-3bb1ccc265bbc6e865506b38ae66721ec1177b55.zip | |
Fix long-tail denials in enforcing domains.
The specific denials we see are:
denied { getattr } for pid=169 comm=""installd"" path=""/data/data/com.android.providers.downloads/cache/downloadfile.jpeg"" dev=""mmcblk0p23"" ino=602861 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file
denied { fsetid } for pid=598 comm=""netd"" capability=4 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability
denied { read } for pid=209 comm=""installd"" name=""cache"" dev=""mmcblk0p28"" ino=81694 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir
Bug: 10786017
Change-Id: Ia5d0b6337f3de6a168ac0d5a77df2a1ac419ec29
Diffstat (limited to 'netd.te')
| -rw-r--r-- | netd.te | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -3,7 +3,7 @@ type netd, domain; type netd_exec, exec_type, file_type; init_daemon_domain(netd) -allow netd self:capability { net_admin net_raw kill }; +allow netd self:capability { net_admin net_raw kill fsetid }; allow netd self:netlink_kobject_uevent_socket *; allow netd self:netlink_route_socket *; allow netd self:netlink_nflog_socket *; |