MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: sepolicy: Adress IORap usap_pool denial

Browse source 
W FinalizerDaemon: type=1400 audit(0.0:532): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:rradios0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0

Signed-off-by: pix106 <sbordenave@gmail.com>
This commit is contained in:
iusmac 2022-03-23 22:47:28 +08:00 committed by pix106
parent 2e8cdba4e1
commit b0841be519
5 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
sepolicy/private/untrusted_app.te Normal file
View file

@ -0,0 +1 @@
allow untrusted_app zygote:unix_stream_socket { getopt };

2
sepolicy/vendor/platform_app.te vendored
View file

@ -1 +1,3 @@
allow platform_app zygote:unix_stream_socket { getopt };
get_prop(platform_app, exported_camera_prop) get_prop(platform_app, exported_camera_prop)

1
sepolicy/vendor/priv_app.te vendored
View file

@ -1 +1,2 @@
allow priv_app sysfs_graphics:file { open read }; allow priv_app sysfs_graphics:file { open read };
allow priv_app zygote:unix_stream_socket { getopt };

1
sepolicy/vendor/system_app.te vendored
View file

@ -14,6 +14,7 @@ allow system_app sysfs_micgain:file rw_file_perms;
allow system_app sysfs_earpiecegain:file rw_file_perms; allow system_app sysfs_earpiecegain:file rw_file_perms;
allow system_app sysfs_zram:dir search; allow system_app sysfs_zram:dir search;
allow system_app sysfs_zram:file r_file_perms; allow system_app sysfs_zram:file r_file_perms;
allow system_app zygote:unix_stream_socket { getopt };
get_prop(system_app, system_prop); get_prop(system_app, system_prop);
set_prop(system_app, system_prop); set_prop(system_app, system_prop);

1
sepolicy/vendor/timeservice_app.te vendored Normal file
View file

@ -0,0 +1 @@
allow timeservice_app zygote:unix_stream_socket { getopt };