Skip to content
Snippets Groups Projects
Commit b8d794a1 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

priv_app.te: drop auditallows on cache_recovery_file

This is actually used. Addresses the following SELinux audit logs:

  avc: granted { create } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
  avc: granted { add_name } for comm="Thread-157" name="uncrypt_file" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0 tclass=dir
  avc: granted { write } for comm="Thread-157" path="/cache/recovery/uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
  avc: granted { write } for comm="Thread-157" path="/cache/recovery/command" dev="mmcblk0p38" ino=23 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file
  avc: granted { setattr } for comm="Thread-157" name="uncrypt_file" dev="mmcblk0p38" ino=22 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_recovery_file:s0:c512,c768 tclass=file

Change-Id: Idab00ebc8eacd7d8bb793b9342249227f91986a1
parent c15e1036
Branches
Tags
No related merge requests found
...@@ -36,9 +36,6 @@ allow priv_app mnt_media_rw_file:dir search; ...@@ -36,9 +36,6 @@ allow priv_app mnt_media_rw_file:dir search;
allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms; allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
allow priv_app { cache_file cache_recovery_file }:file create_file_perms; allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
auditallow priv_app cache_recovery_file:dir no_w_dir_perms;
auditallow priv_app cache_recovery_file:file no_w_file_perms;
# Access to /data/media. # Access to /data/media.
allow priv_app media_rw_data_file:dir create_dir_perms; allow priv_app media_rw_data_file:dir create_dir_perms;
allow priv_app media_rw_data_file:file create_file_perms; allow priv_app media_rw_data_file:file create_file_perms;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment