Grant traced_probes search on directories.
authorFlorian Mayer <fmayer@google.com>
Fri, 6 Apr 2018 11:55:22 +0000 (12:55 +0100)
committerFlorian Mayer <fmayer@google.com>
Fri, 6 Apr 2018 12:51:41 +0000 (12:51 +0000)
This is needed to be able to scan the labels we have
permission on.

Denial:

04-06 12:52:22.674   874   874 W traced_probes: type=1400 audit(0.0:10314): avc: denied { search } for name="backup" dev="sda45" ino=6422529 scontext=u:r:traced_probes:s0 tcontext=u:object_r:backup_data_file:s0 tclass=dir permissive=0

Bug: 73625480

private/traced_probes.te

index e6a3dfe32a04a7f38e145d6d4a25fb987911aa20..5d80f7e8b172939e748ae03c0a0469d0a796d8e6 100644 (file)
@@ -37,17 +37,17 @@ allow traced_probes system_file:dir { open read };
 # Allow traced_probes to list some of the data partition.
 allow traced_probes self:capability dac_read_search;
 
-allow traced_probes apk_data_file:dir { getattr open read };
-allow traced_probes dalvikcache_data_file:dir { getattr open read };
+allow traced_probes apk_data_file:dir { getattr open read search };
+allow traced_probes dalvikcache_data_file:dir { getattr open read search };
 userdebug_or_eng(`
-allow traced_probes system_data_file:dir { getattr open read };
+allow traced_probes system_data_file:dir { getattr open read search };
 ')
-allow traced_probes system_app_data_file:dir { getattr open read };
-allow traced_probes backup_data_file:dir { getattr open read };
-allow traced_probes bootstat_data_file:dir { getattr open read };
-allow traced_probes update_engine_data_file:dir { getattr open read };
-allow traced_probes update_engine_log_data_file:dir { getattr open read };
-allow traced_probes user_profile_data_file:dir { getattr open read };
+allow traced_probes system_app_data_file:dir { getattr open read search };
+allow traced_probes backup_data_file:dir { getattr open read search };
+allow traced_probes bootstat_data_file:dir { getattr open read search };
+allow traced_probes update_engine_data_file:dir { getattr open read search };
+allow traced_probes update_engine_log_data_file:dir { getattr open read search };
+allow traced_probes user_profile_data_file:dir { getattr open read search };
 
 # Allow traced_probes to run atrace. atrace pokes at system services to enable
 # their userspace TRACE macros.
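Review bot: The comment heading this group, `# Allow traced_probes to list some of the data partition.`, no longer matches what the rules grant, because `search` is now added on all nine directory types and permits path lookup through them, not only listing. Since `allow traced_probes self:capability dac_read_search;` sits directly above, DAC does not gate that traversal and these SELinux rules are the only check, so the intent should be written down. The commit message shows a denial only for `backup_data_file`; presumably the other eight types were extended for symmetry, which is worth stating. I would reword the comment to something like `# Allow traced_probes to list and look up entries (search) in some data directories; dir class only, no file access is granted here.` Folding the unconditional types into one rule with a type set, `allow traced_probes { apk_data_file dalvikcache_data_file ... }:dir { getattr open read search };`, would also keep the permission set from drifting between lines, with `system_data_file` staying on its own inside `userdebug_or_eng`.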