From 837f5ca200f156b9361435c5b9490cd98fbd9aa2 Mon Sep 17 00:00:00 2001 From: pix106 Date: Fri, 10 Sep 2021 14:00:33 +0200 Subject: [PATCH] sdm660-common: sepolicy: Address vendor_init persist_file denials avc: denied { read } for comm="init" name="persist" dev="mmcblk0p13" ino=47 scontext=u:r:vendor_init:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0 Signed-off-by: pix106 --- sepolicy/vendor/vendor_init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index 7c7af021..3691982e 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -7,6 +7,7 @@ allow vendor_init { }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; allow vendor_init tee_device:chr_file getattr; +allow vendor_init persist_file:lnk_file r_file_perms; allow vendor_init proc:file w_file_perms; get_prop(vendor_init, hal_fingerprint_prop)