From b77a2922a22484f6b7b914893e884f2ac018d78e Mon Sep 17 00:00:00 2001 From: iusmac Date: Fri, 4 Mar 2022 11:28:21 +0100 Subject: [PATCH] sdm710-common: sepolicy: Address ueventd denials W ueventd : type=1400 audit(0.0:9): avc: denied { read } for name="/" dev="debugfs" ino=1 scontext=u:r:ueventd:s0 tcontext=u:object_r:debugfs:s0 tclass=dir permissive=0 W ueventd : type=1400 audit(0.0:6): avc: denied { getattr } for path="/sys/kernel/debug/show_mem_notifier" dev="debugfs" ino=2235 scontext=u:r:ueventd:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 W ueventd : type=1400 audit(0.0:7): avc: denied { getattr } for path="/sys/kernel/debug/fault_around_bytes" dev="debugfs" ino=2234 scontext=u:r:ueventd:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 W ueventd : type=1400 audit(0.0:8): avc: denied { getattr } for path="/sys/kernel/debug/sleep_time" dev="debugfs" ino=13337 scontext=u:r:ueventd:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 W ueventd : type=1400 audit(0.0:9): avc: denied { getattr } for path="/sys/kernel/debug/suspend_stats" dev="debugfs" ino=13336 scontext=u:r:ueventd:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 W ueventd : type=1400 audit(0.0:10): avc: denied { getattr } for path="/sys/kernel/debug/sched_features" dev="debugfs" ino=12438 scontext=u:r:ueventd:s0 tcontext=u:object_r:debugfs_sched_features:s0 tclass=file permissive=0 W ueventd : type=1400 audit(0.0:11): avc: denied { getattr } for path="/sys/kernel/debug/msm_apr_debug" dev="debugfs" ino=13320 scontext=u:r:ueventd:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 Change-Id: I11ad4ebd0d2d290c5bc601309aad4509d8bd7bc1 Signed-off-by: iusmac --- sepolicy/vendor/ueventd.te | 1 + 1 file changed, 1 insertion(+) diff --git a/sepolicy/vendor/ueventd.te b/sepolicy/vendor/ueventd.te index 45474d9..68742c4 100644 --- a/sepolicy/vendor/ueventd.te +++ b/sepolicy/vendor/ueventd.te @@ -1,3 +1,4 @@ allow ueventd debugfs:dir { getattr open read relabelfrom }; allow ueventd { debugfs debugfs_wakeup_sources }:file getattr; allow ueventd qti_debugfs:dir relabelto; +allow ueventd { debugfs debugfs_sched_features }:file getattr;