PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crash_dump: suppress denials on properties

Browse Source 
Addresses:
avc: denied { read } for comm="crash_dump64"
name="u:object_r:bluetooth_prop:s0" dev="tmpfs" ino=17280
scontext=u:r:crash_dump:s0 tcontext=u:object_r:bluetooth_prop:s0
tclass=file

Test: build
Change-Id: I176038ea6add34b5277305073a20f9c1a930e74b
This commit is contained in:
Jeff Vander Stoep 2019-02-07 08:42:53 -08:00
parent 87988fa6a6
commit 44f06601e8
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/crash_dump.te
View File

@ -50,13 +50,14 @@ allow crash_dump tombstone_data_file:file { append getattr };
# which is super useful in some cases. # which is super useful in some cases.
unix_socket_connect(crash_dump, logdr, logd) unix_socket_connect(crash_dump, logdr, logd)
# Crash dump is not intended to access the following data types. Since these # Crash dump is not intended to access the following files. Since these
# are WAI, suppress the denials to clean up the logs. # are WAI, suppress the denials to clean up the logs.
dontaudit crash_dump { dontaudit crash_dump {
core_data_file_type core_data_file_type
vendor_file_type vendor_file_type
}:dir search; }:dir search;
dontaudit crash_dump system_data_file:file read; dontaudit crash_dump system_data_file:file read;
dontaudit crash_dump property_type:file read;
### ###
### neverallow assertions ### neverallow assertions