Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Blame Permalink
  • Nick Kralevich's avatar
    967f39a6
    Move sysfs_devices_system_cpu to the central policy. · 967f39a6
    Nick Kralevich authored 
    Every device has a CPU. This is not device specific.

Allow every domain to read these files/directories.
For unknown reasons, these files are accessed by A LOT
of processes.

Allow ueventd to write to these files. This addresses
the following denials seen on mako:

<5>[    4.935602] type=1400 audit(1383167737.512:4): avc:  denied  { read } for  pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[    4.935785] type=1400 audit(1383167737.512:5): avc:  denied  { open } for  pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[    4.935937] type=1400 audit(1383167737.512:6): avc:  denied  { search } for  pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[    4.936120] type=1400 audit(1383167737.512:7): avc:  denied  { write } for  pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
<5>[    4.936303] type=1400 audit(1383167737.512:8): avc:  denied  { open } for  pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file

Change-Id: I4766dc571762d8fae06aa8c26828c070b80f5936
    967f39a6
    History
    Move sysfs_devices_system_cpu to the central policy.
    Nick Kralevich authored 
    Every device has a CPU. This is not device specific.

Allow every domain to read these files/directories.
For unknown reasons, these files are accessed by A LOT
of processes.

Allow ueventd to write to these files. This addresses
the following denials seen on mako:

<5>[    4.935602] type=1400 audit(1383167737.512:4): avc:  denied  { read } for  pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[    4.935785] type=1400 audit(1383167737.512:5): avc:  denied  { open } for  pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[    4.935937] type=1400 audit(1383167737.512:6): avc:  denied  { search } for  pid=140 comm="ueventd" name="cpu0" dev="sysfs" ino=3163 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir
<5>[    4.936120] type=1400 audit(1383167737.512:7): avc:  denied  { write } for  pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file
<5>[    4.936303] type=1400 audit(1383167737.512:8): avc:  denied  { open } for  pid=140 comm="ueventd" name="uevent" dev="sysfs" ino=3164 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file

Change-Id: I4766dc571762d8fae06aa8c26828c070b80f5936