author Jeff Vander Stoep 2018-01-16 21:47:36 -0600
committer Jeff Vander Stoep 2018-01-16 21:47:36 -0600
commit 1e1a3f7c585ac128ca4d7b9023a12264a0f13fda (patch)
tree 6bc4ea92d4c18be8e5f50e3cc8998f84c7275770 /private/bug_map
parent 97753529fdcb96e2c8c691d89069710ce75c3fcb (diff)
download system-sepolicy-1e1a3f7c585ac128ca4d7b9023a12264a0f13fda.tar.gz
system-sepolicy-1e1a3f7c585ac128ca4d7b9023a12264a0f13fda.tar.xz
system-sepolicy-1e1a3f7c585ac128ca4d7b9023a12264a0f13fda.zip
Annotate denials
There is a race condition between when /data is mounted and when
processes attempt to access it. Attempting to access /data before it's
mounted causes an selinux denial. Attribute these denials to a bug.

07-04 23:48:53.646 503 503 I auditd : type=1400 audit(0.0:7): avc: denied { search } for comm="surfaceflinger" name="/" dev="sda35" ino=2 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
07-15 17:41:18.100 582 582 I auditd : type=1400 audit(0.0:4): avc: denied { search } for comm="BootAnimation" name="/" dev="sda35" ino=2 scontext=u:r:bootanim:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0

Bug: 68864350
Test: build
Change-Id: I07f751d54b854bdc72f3e5166442a5e21b3a9bf5
Diffstat (limited to 'private/bug_map')
-rw-r--r-- private/bug_map 4
1 files changed, 4 insertions, 0 deletions
diff --git a/private/bug_map b/private/bug_map
index 8b310012..2b970dd6 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -5,3 +5,7 @@ crash_dump app_data_file dir 68319037
5crash_dump bluetooth_data_file dir 68319037 5crash_dump bluetooth_data_file dir 68319037
6crash_dump vendor_overlay_file dir 68319037 6crash_dump vendor_overlay_file dir 68319037
7statsd statsd capability 71537285 7statsd statsd capability 71537285
8hal_graphics_allocator_default unlabeled dir 70180742
9surfaceflinger unlabeled dir 68864350
10hal_graphics_composer_default unlabeled dir 68864350
11bootanim unlabeled dir 68864350
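Review bot: The new hal_graphics_allocator_default entry is filed under bug 70180742, which the commit message never mentions (it names only Bug: 68864350), and neither it nor the hal_graphics_composer_default entry has a sample denial quoted alongside the surfaceflinger and bootanim ones. Add the corresponding avc lines and the second bug number to the message, or move the 70180742 entry into its own change, so each mapping can be traced to an observed denial. Separately, the entries carry only source domain, target type and class ("unlabeled dir"), with no permission or path, while the quoted denials are specifically { search } on name="/" before /data is mounted; it is worth recording in the tracking bug that these mappings are meant for the early-boot race only, so that a later unlabeled-directory denial from the same domains is not written off as the known bug.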