adbd should be able to shutdown shell:unix_stream_socket

adbd started calling shutdown and waiting for EOF before closing
sockets in commit 74b7ec72, because closing a TCP socket while you have
pending data to read is specified to send a TCP RST to the other end,
which can result in data that we've written into the socket to be
prematurely thrown away on the other end. Not being able to do so on a
Unix domain socket is benign, aside from the denial showing up in the
log.

Fixes the following selinux denial when installing a package:

  avc: denied { shutdown } for scontext=u:r:adbd:s0 tcontext=u:r:shell:s0 tclass=unix_stream_socket permissive=0

Test: manual
Change-Id: I266092a8323ac02bfe96738a8f4a8021f3a10387
Josh Gao 2020-02-05 16:19:22 -08:00
parent f58e6777b2
commit b9c7001837

@ -180,7 +180,7 @@ allow adbd perfetto_traces_data_file:dir r_dir_perms;
# Connect to shell and use a socket transferred from it.
# Used for e.g. abb.
allow adbd shell:unix_stream_socket { read write };
allow adbd shell:unix_stream_socket { read write shutdown };
allow adbd shell:fd use;
###
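
Review bot: the comment above the `allow adbd shell:unix_stream_socket` rule still only says "Connect to shell and use a socket transferred from it", so nothing in the policy file explains why `shutdown` is now granted alongside `read write`. Consider adding a comment line there, for example "# shutdown: adbd shuts down and waits for EOF before closing sockets", so a later audit does not prune the permission as unneeded. The commit message's point that lacking the permission is benign apart from the logged denial is also worth recording in that comment, since it tells a reader the grant is there to silence the denial rather than to fix a functional failure.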