authorRuslan Trofymenko2019-05-14 00:15:46 -0500
committerPraneeth Bajjuri2019-05-13 18:16:15 -0500
commitbacff5f9d304f923d54cf51f5f993a732a076483 (patch)
treebfd6b78b74138deeb63784d03645d0c9743d721d
parent21b2eda1fef46ac13a4d6e829b5479be80c724ad (diff)
beagle_x15: sepolicy: Access for init to /proc/cpu/alignment
init.rc contains a write instruction for managing the alignment: write /proc/cpu/alignment 4 As a result SELinux generates warning: avc: denied { write } for pid=1 comm="init" name="alignment" dev="proc" ino=4026532139 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 avc: denied { open } for pid=1 comm="init" path="/proc/cpu/alignment" dev="proc" ino=4026532139 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 The generated policy allows write access for 'init' to /proc/cpu/alignment Change-Id: I7f6104b77ce26061b1e749a397fb7046058d7909 Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org> Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
-rw-r--r--sepolicy/file_contexts2
-rw-r--r--sepolicy/init.te3
2 files changed, 5 insertions, 0 deletions
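--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -23,6 +23,8 @@
 /dev/block/platform/44000000.ocp/480b4000.mmc/by-name/userdata u:object_r:userdata_block_device:s0
 /dev/block/platform/44000000.ocp/480b4000.mmc/by-name/misc u:object_r:misc_block_device:s0
 
+/proc/cpu/alignment u:object_r:proc_cpu_alignment:s0
+
 /vendor/lib/libIMGegl.so u:object_r:same_process_hal_file:s0
 /vendor/lib/libsrv_um.so u:object_r:same_process_hal_file:s0
 /vendor/lib/libusc.so u:object_r:same_process_hal_file:s0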
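Review bot: The new `/proc/cpu/alignment` entry in file_contexts will most likely never label the node, because procfs entries take their context from `genfscon` rules in the kernel policy rather than from restorecon against file_contexts. The mapping belongs in the device's genfs_contexts, as `genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0`. If the label does not apply, init keeps hitting the generic `proc` type and the existing `dontaudit init proc:file write;` in init.te suppresses the denial, so the write fails silently once the device is enforcing (the quoted denials were captured with `permissive=1`). Confirm the result on a booted device with `ls -Z /proc/cpu/alignment`.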
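--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -8,5 +8,8 @@ allow init vendor_file:system module_load;
 allow init configfs:file write;
 allow init configfs:lnk_file { create unlink } ;
 
+type proc_cpu_alignment, fs_type, sysfs_type;
+allow init proc_cpu_alignment:file { open read getattr write };
+
 dontaudit init proc:file write;
 dontaudit init self:capability dac_read_search;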
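Review bot: The type declaration on new line 11 attaches `sysfs_type` to a procfs node, which pulls `proc_cpu_alignment` into every rule written against that attribute and so exposes it to domains other than init. Declare it as `type proc_cpu_alignment, fs_type, proc_type;` if the platform release in use defines `proc_type`, otherwise with `fs_type` alone. The denials quoted in the commit message cover only `write` and `open`, so the rule on new line 12 can be narrowed to `allow init proc_cpu_alignment:file { open write };`. Type declarations are usually kept in file.te rather than in a domain's own .te file, which makes the attribute set easier to audit.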