PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23,444 Commits 17 Branches 0 Tags 42 MiB
1a3ee382ec
Commit Graph

5 Commits

Author SHA1 Message Date
Yan Wang
67e8fcc902 Using macro "rx_file_perms" instead of "execute_no_trans". 
Bug: 147320338
Test: Run the maintenance and check if the compiled is executed.
 2020-01-09 13:23:01 -08:00
Yan Wang
7d844ee436 Add Selinux rule to allow iorapd to execute compiler. 
Bug: 147320338
Test: Run the maintenance and check if the compiled is executed.
Change-Id: Idbd193483a106969a8a421150101efa00aee460d
 2020-01-09 12:43:18 -08:00
Jeff Vander Stoep
6742ab4e4e iorapd: add tmpfs type 
Fixes build breakage:
system/sepolicy/private/traced.te:36:ERROR 'unknown type iorapd_tmpfs' at token ';' on line 43166:

Bug: 123445058
Test: build marlin-userdebug
Change-Id: Iefeba03ed2efee92fb0d61214514338c6d999bd1
(cherry picked from commit 426ff11951)
 2019-01-26 12:55:13 -08:00
Primiano Tucci
79d1dbbc05 Allow iorapd to access perfetto 
This requires moving the type declaration of
perfetto traced to public, because iorapd
needs to refer to it.

Denials without this CL:
https://pastebin.com/raw/sxHMeLEU

Bug: 72170747
Test: 1. runcon u:r:iorapd:s0 iorap.cmd.perfetto \
          -v --output-proto /data/misc/iorapd/test
      2. Check that no selinux denials other than
         avc: denied { entrypoint } for path="/system/bin/iorap.cmd.perfetto" dev="sda6" ino=21 scontext=u:r:iorapd:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
         show up (this is a side-effect of runcon).

Change-Id: Iacd1ab201fe9fb2a6302dbd528f42f709cbca054
 2019-01-23 22:43:47 +00:00
Igor Murashkin
72a88b194c iorapd: Add new binder service iorapd. 
This daemon is very locked down. Only system_server can access it.

Bug: 72170747
Change-Id: I7b72b9191cb192be96001d84d067c28292c9688f
 2018-10-08 15:00:34 -07:00