Allow system server to access tmpfs files
* For some reasons CachedAppOptimizer is throwing these kinds of denials [1] it wont probably hurt to allow access to tmpfs files since system server already have access to app domain and zygote tmpfs [1] avc: denied { write } for comm="CachedAppOptimi" dev="tmpfs" ino=34884 scontext=u:r:system_server:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=0 avc: denied { write } for comm="CachedAppOptimi" dev="tmpfs" ino=16233 scontext=u:r:system_server:s0 tcontext=u:object_r:zygote_tmpfs:s0 tclass=file permissive=0 Change-Id: I9207deadabb3bb4dc75be5215e32719a4346d1ca Signed-off-by: minaripenguin <minaripenguin@users.noreply.github.com> Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
This commit is contained in:
parent
287dc96a95
commit
ff616e5beb
@ -22,7 +22,8 @@ type_transition system_server system_data_file:sock_file system_ndebug_socket "n
|
||||
# Create a socket for connections from zygotes.
|
||||
type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
|
||||
|
||||
allow system_server zygote_tmpfs:file { map read };
|
||||
allow system_server tmpfs:file { map read write };
|
||||
allow system_server zygote_tmpfs:file { map read write };
|
||||
allow system_server appdomain_tmpfs:file { getattr map read write };
|
||||
|
||||
# For Incremental Service to check if incfs is available
|
||||
|
@ -22,7 +22,8 @@ type_transition system_server system_data_file:sock_file system_ndebug_socket "n
|
||||
# Create a socket for connections from zygotes.
|
||||
type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
|
||||
|
||||
allow system_server zygote_tmpfs:file { map read };
|
||||
allow system_server tmpfs:file { map read write };
|
||||
allow system_server zygote_tmpfs:file { map read write };
|
||||
allow system_server appdomain_tmpfs:file { getattr map read write };
|
||||
|
||||
# For Incremental Service to check if incfs is available
|
||||
|
Loading…
Reference in New Issue
Block a user