From 1e1a3f7c585ac128ca4d7b9023a12264a0f13fda Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 16 Jan 2018 19:47:36 -0800
Subject: [PATCH] Annotate denials

There is a race condition between when /data is mounted
and when processes attempt to access it. Attempting to access
/data before it's mounted causes an SELinux denial. Attribute
these denials to a bug.

07-04 23:48:53.646   503   503 I auditd  : type=1400 audit(0.0:7): avc:
denied { search } for comm="surfaceflinger" name="/" dev="sda35" ino=2
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:unlabeled:s0
tclass=dir permissive=0
07-15 17:41:18.100   582   582 I auditd  : type=1400 audit(0.0:4): avc:
denied { search } for comm="BootAnimation" name="/" dev="sda35" ino=2
scontext=u:r:bootanim:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
permissive=0

Bug: 68864350
Test: build
Change-Id: I07f751d54b854bdc72f3e5166442a5e21b3a9bf5
---
 private/bug_map | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/private/bug_map b/private/bug_map
index 8b3100120..2b970dd64 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -5,3 +5,7 @@ crash_dump app_data_file dir 68319037
 crash_dump bluetooth_data_file dir 68319037
 crash_dump vendor_overlay_file dir 68319037
 statsd statsd capability 71537285
+hal_graphics_allocator_default unlabeled dir 70180742
+surfaceflinger unlabeled dir 68864350
+hal_graphics_composer_default unlabeled dir 68864350
+bootanim unlabeled dir 68864350
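Review bot: the first added line maps hal_graphics_allocator_default to bug 70180742, while the commit message's Bug: line and the other three entries use 68864350, and the message includes sample denials only for surfaceflinger and bootanim. Please either add the avc lines for hal_graphics_allocator_default and hal_graphics_composer_default and mention 70180742 in the message, or confirm that the differing bug id is intended. Each entry also keys only on the source domain, unlabeled and dir, so any unlabeled-directory denial from these four domains will be attributed to these bugs, not just the pre-mount search on "/" shown in the logs. It would help to record in the tracking bug that the entries should be dropped once the mount race is fixed, so that a genuinely unlabeled filesystem is not hidden behind the annotation.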
-- 
GitLab