authorAdam Shih <adamshih@google.com>2019-07-05 19:58:38 +0800
committerAdam Shih <adamshih@google.com>2019-07-08 13:08:46 +0800
commit54a5b0fc6c8be179ec12b7759fdaab9d7e268627 (patch)
tree79ed2a4fb17acd212ab0b69975bc58e3ee7fb76c
parentff737e820104f9adb62f6e4e1788429abfbfe7ec (diff)
remove dumpstate citadel access error on user buildandroid10-dev
Bug: 132592593 Test: run cts android.security.cts.SELinuxHostTest#testNoBugreportDenials Change-Id: I6d2fa9aa3ce0ac9482a0138407ec09bf3a05720f Merged-In: I6d2fa9aa3ce0ac9482a0138407ec09bf3a05720f
-rw-r--r--vendor/qcom/common/dumpstate.te1
-rw-r--r--vendor/qcom/common/hal_dumpstate_impl.te20
2 files changed, 21 insertions, 0 deletions
diff --git a/vendor/qcom/common/dumpstate.te b/vendor/qcom/common/dumpstate.te
index e515e04c..f150518e 100644
--- a/vendor/qcom/common/dumpstate.te
+++ b/vendor/qcom/common/dumpstate.te
@@ -16,4 +16,5 @@ allow dumpstate debugfs_mmc:dir search;
allow dumpstate vendor_firmware_file:dir getattr;
allow dumpstate vendor_firmware_file:filesystem getattr;
+dontaudit dumpstate misc_logd_file:dir read;
dontaudit dumpstate kernel:system module_request;
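Review bot: The added `dontaudit dumpstate misc_logd_file:dir read;` has no comment saying which denial it silences or why the access is expected to fail, and the rule is unconditional although the subject speaks of user builds. The subject also mentions citadel, which none of the added rules name, so a reader cannot tell from the policy alone what triggered them. I would put a line above it such as `# Bug 132592593: denied by design on user builds; silence the bugreport denial` (wording to be confirmed by the author). The same missing rationale applies to the block of dontaudit rules added in hal_dumpstate_impl.te.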
diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te
index d5e5918b..ea4d30d4 100644
--- a/vendor/qcom/common/hal_dumpstate_impl.te
+++ b/vendor/qcom/common/hal_dumpstate_impl.te
@@ -134,3 +134,23 @@ allow hal_dumpstate_impl debugfs_pmic:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_pmic:file r_file_perms;
allow hal_dumpstate_impl dumpstate:fifo_file write;
+
+dontaudit hal_dumpstate_impl binder_device:chr_file rw_file_perms;
+dontaudit hal_dumpstate_impl vndbinder_device:chr_file rw_file_perms;
+dontaudit hal_dumpstate_impl property_socket:sock_file rw_file_perms;
+dontaudit hal_dumpstate_impl radio_vendor_data_file:dir r_dir_perms;
+dontaudit hal_dumpstate_impl radio_vendor_data_file:file r_file_perms;
+dontaudit hal_dumpstate_impl netmgr_data_file:dir r_dir_perms;
+dontaudit hal_dumpstate_impl netmgr_data_file:file r_file_perms;
+dontaudit hal_dumpstate_impl vendor_modem_diag_prop:file rw_file_perms;
+dontaudit hal_dumpstate_impl vendor_tcpdump_log_prop:file rw_file_perms;
+dontaudit hal_dumpstate_impl sysfs_usb_device:dir r_dir_perms;
+dontaudit hal_dumpstate_impl sysfs_usb_device:file r_file_perms;
+dontaudit hal_dumpstate_impl ssr_log_file:dir search;
+dontaudit hal_dumpstate_impl ssr_log_file:file r_file_perms;
+dontaudit hal_dumpstate_impl tcpdump_vendor_data_file:dir create_dir_perms;
+dontaudit hal_dumpstate_impl tcpdump_vendor_data_file:file create_file_perms;
+dontaudit hal_dumpstate_impl perfstatsd_exec:file rx_file_perms;
+dontaudit hal_dumpstate_impl perfstatsd_service:service_manager find;
+dontaudit hal_dumpstate_impl mpss_rfs_data_file:dir r_dir_perms;
+dontaudit hal_dumpstate_impl mpss_rfs_data_file:file r_file_perms;
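Review bot: Several of the added rules suppress much more than a read-time denial. `tcpdump_vendor_data_file` gets `create_dir_perms` and `create_file_perms`, while `binder_device`, `vndbinder_device`, `property_socket` and the two `*_prop` types get `rw_file_perms`, so denied write and create attempts by hal_dumpstate_impl will not reach the audit log on any build. Those denials are a useful signal if this HAL misbehaves or is compromised, so I would narrow each rule to the permissions actually reported by the CTS test, e.g. `dontaudit hal_dumpstate_impl tcpdump_vendor_data_file:dir search;` if that is all the avc log shows (to be confirmed against the denials). If the wide sets are meant to mirror allow rules granted only on userdebug/eng, a one-line comment saying so would make that reviewable. The rest of the file is outside the hunk, so I cannot check for such rules here.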