d3edfa00f0
The following SELinux denials are seen when booting into charger mode:

type=1400 audit(1746.159:22): avc: denied { dac_read_search } for comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.159:23): avc: denied { dac_override } for comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:24): avc: denied { dac_read_search } for comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:25): avc: denied { dac_override } for comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0

The DAC errors indicate that there is some kind of access, usually by root, to a file or directory where the ownership is given to another user/group which is not root. So since root may not have explicit permission to access, it has to override the default access control, which is flagged by SELinux.

In charger mode, like in normal boot, the init.qcom.usb.sh script executes in the same process as init, so it is executing as root. The script is trying to read/write to the ConfigFS string entries.

The fix for these denials is to ensure that any files/directories being accessed by the script give root permission to access the same. Hence remove the shell/shell ownership change when creating the USB gadget and config subdirectories in ConfigFS.

While at it, also remove mounting of ADB FFS and the ConfigFS function instance as we are not enabling ADB in charger mode.

Change-Id: I33d6a9ce8e1bb4594a053156d46688ab11c5491d
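A triage sketch for the kind of denials quoted in the commit message, added here as an example and not part of the commit or the project's code: it parses `avc: denied` lines and counts those where a domain asked for a DAC-bypass capability on itself, which is the pattern the message attributes to file ownership rather than to missing policy. The first four sample lines are the ones from the message; the fifth is constructed to show that ordinary file denials are skipped, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines 1-4: denials quoted in the commit message. Line 5: constructed, unrelated denial.
SAMPLE_LOG = """\
type=1400 audit(1746.159:22): avc: denied { dac_read_search } for comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.159:23): avc: denied { dac_override } for comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:24): avc: denied { dac_read_search } for comm="init.qcom.usb.s" capability=2 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.267:25): avc: denied { dac_override } for comm="init.qcom.usb.s" capability=1 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:r:vendor_qti_init_shell:s0 tclass=capability permissive=0
type=1400 audit(1746.300:26): avc: denied { read } for comm="example" name="example" scontext=u:r:example_domain:s0 tcontext=u:object_r:example_file:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
DAC_PERMS = {"dac_override", "dac_read_search"}


def parse_avc(line):
    """Return the key=value fields of one AVC denial plus its permission list, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def dac_capability_denials(log_text):
    """Count denials where a domain needed a DAC-bypass capability on itself."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec.get("tclass") != "capability":
            continue  # not a capability check (e.g. a plain file denial)
        if rec.get("scontext") != rec.get("tcontext"):
            continue  # capability denials of this kind target the process's own context
        domain = rec["scontext"].split(":")[2]  # u:r:<domain>:s0
        for perm in DAC_PERMS.intersection(rec["perms"]):
            counts[(rec.get("comm"), domain, perm)] += 1
    return counts


if __name__ == "__main__":
    for (comm, domain, perm), n in sorted(dac_capability_denials(SAMPLE_LOG).items()):
        print(f"{n}x {domain} ({comm}) needs {perm}: check owner/mode of the files it touches")
```

Each hit is a prompt to inspect the owner and mode of the paths the named process touches before considering any policy change.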