am57xevm: sepolicy: Fix vndservicemanager warning

SELinux was generating warnings about vndservicemanager attempts to gain access to events tags storage (/dev/event-log-tags) for map action. That used to happen once during a boot process in consequence of initialisation selinux handler in module frameworks/native/cmds/servicemanager/service_manager.c: sehandle = selinux_android_vendor_service_context_handle(); In context of this initialisation the selinux_log function is performed that causes a call to /dev/event-log-tags. Unwinding of followed calls leads to __write_to_log_daemon function in module system/core/liblog/logger_write.c This function contains the code which interacts with EventTagMap data. As a result this code performs in vndservicemanager context. Sepolicy dontaudit for vndservicemanager for map action is generated. Change-Id: I21cc555a44731b9734d09eff63eda447de2df366 Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
author: Ruslan Trofymenko <ruslan.trofymenko@linaro.org> 2018-08-10 23:27:20 +0000
committer: Praneeth Bajjuri <praneeth@ti.com> 2018-08-10 15:04:46 -0500
commit: 7622d03b60fefd099fad3ff1bbda337b7fbb973b (patch)
tree: aaacbff37cb00a8793d241c85c4a764a94888baf
parent: c8c80944c0a354c58e113923e2c3dbe5a5fab003 (diff)
download: am57xevm-7622d03b60fefd099fad3ff1bbda337b7fbb973b.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/vndservicemanager.te b/sepolicy/vndservicemanager.te
new file mode 100644
index 0000000..acfe0f0
--- /dev/null
+++ b/sepolicy/vndservicemanager.te
@@ -0,0 +1 @@
+dontaudit vndservicemanager runtime_event_log_tags_file:file map;
author	Ruslan Trofymenko <ruslan.trofymenko@linaro.org>	2018-08-10 23:27:20 +0000
committer	Praneeth Bajjuri <praneeth@ti.com>	2018-08-10 15:04:46 -0500
commit	7622d03b60fefd099fad3ff1bbda337b7fbb973b (patch)
tree	aaacbff37cb00a8793d241c85c4a764a94888baf
parent	c8c80944c0a354c58e113923e2c3dbe5a5fab003 (diff)
download	am57xevm-7622d03b60fefd099fad3ff1bbda337b7fbb973b.tar.gz