diff options
author | Ruslan Trofymenko <ruslan.trofymenko@linaro.org> | 2018-08-10 23:27:20 +0000 |
---|---|---|
committer | Praneeth Bajjuri <praneeth@ti.com> | 2018-08-10 15:04:46 -0500 |
commit | 7622d03b60fefd099fad3ff1bbda337b7fbb973b (patch) | |
tree | aaacbff37cb00a8793d241c85c4a764a94888baf | |
parent | c8c80944c0a354c58e113923e2c3dbe5a5fab003 (diff) | |
download | am57xevm-7622d03b60fefd099fad3ff1bbda337b7fbb973b.tar.gz |
am57xevm: sepolicy: Fix vndservicemanager warning
SELinux was generating warnings about vndservicemanager attempts to
gain access to events tags storage (/dev/event-log-tags) for map
action. That used to happen once during a boot process in consequence
of initialisation selinux handler in module
frameworks/native/cmds/servicemanager/service_manager.c:
sehandle = selinux_android_vendor_service_context_handle();
In context of this initialisation the selinux_log function is performed
that causes a call to /dev/event-log-tags. Unwinding of followed calls
leads to __write_to_log_daemon function in module
system/core/liblog/logger_write.c This function contains the code which
interacts with EventTagMap data. As a result this code performs in
vndservicemanager context.
Sepolicy dontaudit for vndservicemanager for map action is generated.
Change-Id: I21cc555a44731b9734d09eff63eda447de2df366
Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
-rw-r--r-- | sepolicy/vndservicemanager.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/vndservicemanager.te b/sepolicy/vndservicemanager.te new file mode 100644 index 0000000..acfe0f0 --- /dev/null +++ b/sepolicy/vndservicemanager.te @@ -0,0 +1 @@ +dontaudit vndservicemanager runtime_event_log_tags_file:file map; |