gts3l-common: sepolicy: Address some denials
This includes crash_dump, gmscore_app, and so on. Signed-off-by: Deokgyu Yang <secugyu@gmail.com> Change-Id: I97496ba8aa380d45c8374e52eba2050a757ec27d
parent
85805b0000
commit
6d630439d2
5 changed files with 19 additions and 2 deletions
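--- /dev/null
+++ b/sepolicy/crash_dump.te
@@ -0,0 +1,7 @@
+allow crash_dump {
+exported_camera_prop
+gpu_device
+hwservicemanager_prop
+media_variant_prop
+resourcecache_data_file
+}:file r_file_perms;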
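Review bot: The `allow crash_dump { ... }:file r_file_perms;` rule grants read access where `dontaudit` is probably the better answer, and it bypasses the property macro this commit already uses elsewhere. Denials from crash_dump are often a by-product of it inspecting the crashing process rather than something it needs, so I would confirm each one actually breaks tombstone generation; if not, `dontaudit crash_dump { exported_camera_prop hwservicemanager_prop media_variant_prop }:file r_file_perms;` quiets the log without widening the domain. For any property that really is needed, `get_prop(crash_dump, hwservicemanager_prop)` matches the `get_prop(tee, hwservicemanager_prop)` style visible in the tee hunk. `gpu_device` is normally a character device, so a `:file` rule on it likely grants nothing and should be checked against the `tclass` in the denial. The same allow-versus-dontaudit question applies to the `allow gmscore_app { adbd_prop apexd_prop apk_verity_prop }:file r_file_perms;` block in the next section.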
@ -1 +1,7 @@
|
||||||
binder_call(gmscore_app, hal_memtrack_default);
|
binder_call(gmscore_app, hal_memtrack_default);
|
||||||
|
|
||||||
|
allow gmscore_app {
|
||||||
|
adbd_prop
|
||||||
|
apexd_prop
|
||||||
|
apk_verity_prop
|
||||||
|
}:file r_file_perms;
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
allow hal_wifi_default vendor_convergence_data_file:file { open read write };
|
allow hal_wifi_default vendor_convergence_data_file:file { open read write };
|
||||||
|
allow hal_wifi_default proc_net:file write;
|
||||||
|
|
|
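Review bot: `allow hal_wifi_default proc_net:file write;` lets the Wi-Fi HAL write to every file carrying the generic `proc_net` label, which is much wider than the single node the denial presumably came from. I would give that node its own type in `genfs_contexts` and grant `write` on the new type only, with a comment naming the path taken from the denial. The rest of this domain's policy is outside the hunk, so whether a narrower type already exists cannot be seen from here.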
@ -4,3 +4,6 @@ allow system_server userspace_reboot_config_prop:file { getattr open read };
|
||||||
allow system_server userspace_reboot_exported_prop:file { getattr open read };
|
allow system_server userspace_reboot_exported_prop:file { getattr open read };
|
||||||
|
|
||||||
allow system_server proc_last_kmsg:file r_file_perms;
|
allow system_server proc_last_kmsg:file r_file_perms;
|
||||||
|
|
||||||
|
allow system_server app_zygote:process getpgid;
|
||||||
|
allow system_server system_data_root_file:file r_file_perms;
|
||||||
|
|
|
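Review bot: `allow system_server system_data_root_file:file r_file_perms;` looks like it works around a mislabelled file rather than a real access need. `system_data_root_file` is the label of the /data root directory itself, so a regular file carrying it has usually just inherited the directory's label because no `file_contexts` entry matches, and the rule will also cover anything else that lands there later. I would take the path from the denial, give it a specific type, and grant read on that type instead. The added `allow system_server app_zygote:process getpgid;` is narrow, but a one-line comment naming the feature that triggers it would help the next audit.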
@ -41,8 +41,8 @@ allow tee vaultkeeper_efs_file:file rw_file_perms;
|
||||||
allow tee vendor_data_file:dir create_dir_perms;
|
allow tee vendor_data_file:dir create_dir_perms;
|
||||||
allow tee vendor_data_file:file create_file_perms;
|
allow tee vendor_data_file:file create_file_perms;
|
||||||
|
|
||||||
allow tee gatekeeper_data_file:dir read;
|
allow tee gatekeeper_data_file:dir { read open };
|
||||||
allow tee gatekeeper_data_file:file getattr;
|
allow tee gatekeeper_data_file:file { getattr open read write };
|
||||||
|
|
||||||
get_prop(tee, hwservicemanager_prop)
|
get_prop(tee, hwservicemanager_prop)
|
||||||
set_prop(tee, vendor_qseecomd_prop)
|
set_prop(tee, vendor_qseecomd_prop)
|
||||||
|
|
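Review bot: The widened `allow tee gatekeeper_data_file:file { getattr open read write };` gives the tee domain write access to gatekeeper's on-disk data with no comment explaining why. Going from `getattr` alone to read and write on this type is the most sensitive change in the commit, so the rule should state which daemon and operation need it, e.g. `# <daemon placeholder> updates gatekeeper state; write seen in avc denial on <build placeholder>`. If the denial only showed reads, drop `write`. The `dir { read open }` line still has no `search`, so confirm that path lookup is granted elsewhere in this file, which continues outside the hunk.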