service_contexts

      d56bcb1c
      sepolicy: add sepolicy binder support for wificond · d56bcb1c
      Ningyuan Wang authored
      This allows wificond to publish binder interface using
      service manager.
      
      Denial warnings:
      
      wificond: type=1400 audit(0.0:8): avc:
      denied { call } for scontext=u:r:wificond:s0
      tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
      
      wificond: type=1400 audit(0.0:9): avc:
      denied { transfer } for scontext=u:r:wificond:s0
      tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
      
      servicemanager: type=1400
      audit(0.0:10): avc: denied { search } for name="6085" dev="proc"
      ino=40626 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
      tclass=dir permissive=1
      
      servicemanager: type=1400
      audit(0.0:11): avc: denied { read } for name="current" dev="proc"
      ino=40641 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
      tclass=file permissive=1
      
      servicemanager: type=1400
      audit(0.0:12): avc: denied { open } for path="/proc/6085/attr/current"
      dev="proc" ino=40641 scontext=u:r:servicemanager:s0
      tcontext=u:r:wificond:s0 tclass=file permissive=1
      
      servicemanager: type=1400
      audit(0.0:13): avc: denied { getattr } for
      scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0 tclass=process
      permissive=1
      
      SELinux : avc:  denied  { add } for
      service=wificond pid=6085 uid=0 scontext=u:r:wificond:s0
      tcontext=u:object_r:wifi_service:s0 tclass=service_manager permissive=1
      
      BUG=28867093
      TEST=compile
      TEST=use a client to call wificond service through binder
      
      Change-Id: I9312892caff171f17b04c30a415c07036b39ea7f
      d56bcb1c
      sepolicy: add sepolicy binder support for wificond
      Ningyuan Wang authored
      This allows wificond to publish binder interface using
      service manager.
      
      Denial warnings:
      
      wificond: type=1400 audit(0.0:8): avc:
      denied { call } for scontext=u:r:wificond:s0
      tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
      
      wificond: type=1400 audit(0.0:9): avc:
      denied { transfer } for scontext=u:r:wificond:s0
      tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
      
      servicemanager: type=1400
      audit(0.0:10): avc: denied { search } for name="6085" dev="proc"
      ino=40626 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
      tclass=dir permissive=1
      
      servicemanager: type=1400
      audit(0.0:11): avc: denied { read } for name="current" dev="proc"
      ino=40641 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
      tclass=file permissive=1
      
      servicemanager: type=1400
      audit(0.0:12): avc: denied { open } for path="/proc/6085/attr/current"
      dev="proc" ino=40641 scontext=u:r:servicemanager:s0
      tcontext=u:r:wificond:s0 tclass=file permissive=1
      
      servicemanager: type=1400
      audit(0.0:13): avc: denied { getattr } for
      scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0 tclass=process
      permissive=1
      
      SELinux : avc:  denied  { add } for
      service=wificond pid=6085 uid=0 scontext=u:r:wificond:s0
      tcontext=u:object_r:wifi_service:s0 tclass=service_manager permissive=1
      
      BUG=28867093
      TEST=compile
      TEST=use a client to call wificond service through binder
      
      Change-Id: I9312892caff171f17b04c30a415c07036b39ea7f
    file.te 8.69 KiB
    # Filesystem types
    #
    # Each `type NAME, ATTR...;` statement declares one SELinux type and
    # associates it with the listed attributes. Every declaration in this
    # section carries fs_type. These lines only declare labels: which domains
    # may access a type is decided by allow rules, and the mapping from a
    # filesystem or node to its type is made outside the lines shown here.
    # NOTE(review): fs_type, sysfs_type, debugfs_type, sdcard_type,
    # contextmount_type and mlstrustedobject are attributes declared elsewhere
    # in the policy; read their definitions at this revision before relying on
    # what they imply.
    # NOTE(review): mlstrustedobject presumably exempts a type from the MLS
    # constraints on object access, which would leave type-enforcement rules as
    # the only control on those types -- confirm against the attribute
    # definition and the MLS constraints.
    type labeledfs, fs_type;
    type pipefs, fs_type;
    type sockfs, fs_type;
    type rootfs, fs_type;
    # Generic type for /proc; the more specific proc_* types below let policy
    # treat individual nodes separately from it.
    type proc, fs_type;
    # Security-sensitive proc nodes that should not be writable to most.
    type proc_security, fs_type;
    # Type for /proc/sys/vm/drop_caches
    type proc_drop_caches, fs_type;
    # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
    type usermodehelper, fs_type, sysfs_type;
    type qtaguid_proc, fs_type, mlstrustedobject;
    # NOTE(review): the *_writable names here and below suggest nodes that some
    # domains are meant to write; the declarations themselves grant nothing, so
    # audit the allow rules that reference these types.
    type proc_bluetooth_writable, fs_type;
    type proc_cpuinfo, fs_type;
    type proc_iomem, fs_type;
    type proc_net, fs_type;
    type proc_sysrq, fs_type;
    type proc_uid_cputime_showstat, fs_type;
    type proc_uid_cputime_removeuid, fs_type;
    type selinuxfs, fs_type, mlstrustedobject;
    type cgroup, fs_type, mlstrustedobject;
    # sysfs types: each carries sysfs_type in addition to fs_type.
    type sysfs, fs_type, sysfs_type, mlstrustedobject;
    type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
    type sysfs_batteryinfo, fs_type, sysfs_type;
    type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
    type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
    type sysfs_wake_lock, fs_type, sysfs_type;
    type sysfs_mac_address, fs_type, sysfs_type;
    # /sys/devices/system/cpu
    type sysfs_devices_system_cpu, fs_type, sysfs_type;
    # /sys/module/lowmemorykiller
    type sysfs_lowmemorykiller, fs_type, sysfs_type;
    type sysfs_zram, fs_type, sysfs_type;
    type sysfs_zram_uevent, fs_type, sysfs_type;
    type inotify, fs_type, mlstrustedobject;
    type devpts, fs_type, mlstrustedobject;
    type tmpfs, fs_type;
    type shm, fs_type;
    type mqueue, fs_type;
    # fuse and vfat are the two types that carry sdcard_type.
    type fuse, sdcard_type, fs_type, mlstrustedobject;
    type vfat, sdcard_type, fs_type, mlstrustedobject;
    # sdcard_internal and sdcard_external are aliases: policy that names them
    # refers to fuse and vfat respectively.
    typealias fuse alias sdcard_internal;
    typealias vfat alias sdcard_external;
    # debugfs plus two narrower types that also carry debugfs_type.
    # NOTE(review): presumably split out so the trace marker and tracing nodes
    # can be granted without opening the rest of debugfs -- confirm against the
    # rules that reference them.
    type debugfs, fs_type;
    type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
    type debugfs_tracing, fs_type, debugfs_type;
    type pstorefs, fs_type;
    type functionfs, fs_type;
    # NOTE(review): oemfs is the only type here with contextmount_type;
    # presumably it is labeled through a context= mount option -- confirm.
    type oemfs, fs_type, contextmount_type;
    type usbfs, fs_type;
    type binfmt_miscfs, fs_type;
    
    # File types
    #
    # Types used to label files. Every declaration shown here carries
    # file_type; the types described as living under /data also carry
    # data_file_type, and logcat_exec also carries exec_type. As with the
    # filesystem types, these statements only declare labels; access is granted
    # by allow rules elsewhere in the policy.
    # NOTE(review): file_type, data_file_type and exec_type are attributes
    # declared outside the lines shown here; check their definitions before
    # relying on what they imply.
    # NOTE(review): unlabeled is presumably the type seen on objects that have
    # no valid label; rules granting access to it deserve close review --
    # confirm how it is assigned at this revision.
    type unlabeled, file_type;
    # Default type for anything under /system.
    type system_file, file_type;
    # Type for /system/bin/logcat.
    type logcat_exec, exec_type, file_type;
    # /cores for coredumps on userdebug / eng builds
    type coredump_file, file_type;
    # Default type for anything under /data.
    # Because this is the default, a /data path without a more specific label
    # gets this type, so any allow rule on system_data_file reaches all of them.
    type system_data_file, file_type, data_file_type;
    # Unencrypted data
    # NOTE(review): no path is given here; presumably this labels data kept
    # outside file encryption -- confirm where the label is assigned and which
    # domains may write to it.
    type unencrypted_data_file, file_type, data_file_type;
    # /data/.layout_version or other installd-created files that
    # are created in a system_data_file directory.
    type install_data_file, file_type, data_file_type;
    # /data/drm - DRM plugin data
    type drm_data_file, file_type, data_file_type;