Simplify /dev/kmsg SELinux policy.
Bug: http://b/30317429 Change-Id: I5c499c48d5e321ebdf588a162d29e949935ad8ee Test: adb shell dmesg | grep ueventd
parent
23d703eee3
commit
63b33dc2db
@ -51,7 +51,6 @@ type uio_device, dev_type;
|
||||
type tun_device, dev_type, mlstrustedobject;
|
||||
type usbaccessory_device, dev_type, mlstrustedobject;
|
||||
type usb_device, dev_type, mlstrustedobject;
|
||||
type klog_device, dev_type;
|
||||
type properties_device, dev_type;
|
||||
type properties_serial, dev_type;
|
||||
type i2c_device, dev_type;
|
||||
|
@ -136,7 +136,6 @@
|
||||
/dev/watchdog u:object_r:watchdog_device:s0
|
||||
/dev/xt_qtaguid u:object_r:qtaguid_device:s0
|
||||
/dev/zero u:object_r:zero_device:s0
|
||||
/dev/__kmsg__ u:object_r:klog_device:s0
|
||||
/dev/__properties__ u:object_r:properties_device:s0
|
||||
#############################
|
||||
# System files
|
||||
|
@ -41,8 +41,7 @@ allow kernel self:capability sys_resource;
|
||||
allow kernel self:capability sys_boot;
|
||||
allow kernel proc_sysrq:file w_file_perms;
|
||||
|
||||
# Allow writing to /dev/__kmsg__ which was created prior to
|
||||
# loading policy
|
||||
# Allow writing to /dev/kmsg which was created prior to loading policy.
|
||||
allow kernel tmpfs:chr_file write;
|
||||
|
||||
# Set checkreqprot by init.rc prior to switching to init domain.
|
||||
|
@ -3,10 +3,8 @@
|
||||
type ueventd, domain, domain_deprecated;
|
||||
tmpfs_domain(ueventd)
|
||||
|
||||
# TODO: why is ueventd using __kmsg__ when it should just create
|
||||
# and use /dev/kmsg instead?
|
||||
type_transition ueventd device:chr_file klog_device "__kmsg__";
|
||||
allow ueventd klog_device:chr_file { create open write unlink };
|
||||
# Write to /dev/kmsg.
|
||||
allow ueventd kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
|
||||
allow ueventd device:file create_file_perms;
|
||||
|
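Review bot: The rule under `# Write to /dev/kmsg.` grants `rw_file_perms` on `kmsg_device`, which includes read access, although the comment describes only writing. Reading /dev/kmsg exposes the whole kernel log to the ueventd domain, so unless ueventd is known to read it, the narrower `allow ueventd kmsg_device:chr_file w_file_perms;` matches the stated intent. The `w_file_perms` macro is already used for `proc_sysrq` in the kernel rules on this page. If read access is needed, the comment should say so and why. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk counts (10 old, 8 new) and the three-line context on either side.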