sepolicy: Fix 'avc denied' issues for the emulators
This commit fixes the avc denied issues in the emulators: - goldfish_setup is granted for network access - netd dontaudit for sys_module - qemu_prop is granted domain for get_prop Critical issue was that SELinux denied reading the lcd_density property by SurfaceFlinger via qemu_prop and this commit fixes it. Change-Id: I633d96f4d2ee6659f18482a53e21f816abde2a5f Signed-off-by: Miroslav Tisma <miroslav.tisma@imgtec.com>
parent
6950168f1d
commit
36a76ec098
|
@ -1,3 +1,5 @@
|
|||
# For /sys/qemu_trace files in the emulator.
|
||||
allow domain sysfs_writable:file rw_file_perms;
|
||||
allow domain qemu_device:chr_file rw_file_perms;
|
||||
|
||||
get_prop(domain, qemu_prop)
|
||||
|
|
|
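Review bot: `get_prop(domain, qemu_prop)` gives every domain in the policy, app domains included, read access to qemu_prop, while the commit message names only SurfaceFlinger reading lcd_density as the failing consumer. If the logged denials come from a small set of domains, a per-domain grant such as `get_prop(surfaceflinger, qemu_prop)` keeps the emulator policy closer to least privilege. If the broad grant is deliberate, the line needs its own comment, because the existing `# For /sys/qemu_trace files in the emulator.` header does not cover it; for example `# qemu_prop (e.g. lcd_density) is read by many emulator processes.`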
@ -13,6 +13,8 @@ allow goldfish_setup toolbox_exec:file rx_file_perms;
|
|||
allow goldfish_setup self:capability { net_admin net_raw };
|
||||
allow goldfish_setup self:udp_socket create_socket_perms;
|
||||
|
||||
net_domain(goldfish_setup)
|
||||
|
||||
# Set net.eth0.dns*, debug.sf.nobootanimation
|
||||
set_prop(goldfish_setup, system_prop)
|
||||
set_prop(goldfish_setup, debug_prop)
|
||||
|
|
|
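Review bot: `net_domain(goldfish_setup)` grants the whole netdomain rule set (TCP, UDP and raw IP sockets plus connect/bind permissions) to a domain that already holds `net_admin` and `net_raw`, and nothing in the section records which denial required it. If the avc log shows only a specific socket class or permission, an explicit `allow` for that class would be narrower than the macro. If the macro stays, the `allow goldfish_setup self:udp_socket create_socket_perms;` line above it looks redundant and could be dropped. The line should also carry a comment such as `# Network setup for the emulator interface needs general socket access.`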
@ -0,0 +1 @@
|
|||
dontaudit netd self:capability sys_module;
|
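Review bot: The `dontaudit netd self:capability sys_module;` rule has no comment saying why the denial is expected, and a `dontaudit` also hides any later, unrelated sys_module attempt by netd from the audit log. Keeping the capability denied is the right call, but the reason for silencing it should be stated next to the rule. Presumably the request comes from the kernel trying to autoload a module on netd's behalf; if that is confirmed, a comment such as `# netd can trigger a kernel module autoload request on the emulator; the request stays denied and is not logged.` would document it.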