Address SELinux denials with rild.

Allow r/w access to /dev/diag on userdebug/eng builds. avc: denied { read write } for pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file avc: denied { open } for pid=204 comm="rild" name="diag" dev="tmpfs" ino=8404 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file Grant radio sockets access to rild. avc: denied { write } for pid=323 comm="rild" name="qmux_radio" dev="tmpfs" ino=1053 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=dir avc: denied { write } for pid=323 comm="rild" name="qmux_connect_socket" dev="tmpfs" ino=1309 scontext=u:r:rild:s0 tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file avc: denied { connectto } for pid=323 comm="rild" path="/dev/socket/qmux_radio/qmux_connect_socket" scontext=u:r:rild:s0 tcontext=u:r:qmux:s0 tclass=unix_stream_socket Change-Id: I89f7531fb006bfcae9f97b979fba61f3ed6badde Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-02-20 19:33:28 -05:00 · 2014-02-20 19:33:28 -05:00 · 62d77eeceb
parent af7988ac35
commit 62d77eeceb
2 changed files with 6 additions and 0 deletions
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@ -122,6 +122,7 @@ BOARD_SEPOLICY_UNION += \
        netmgrd.te \
        ppd.te \
        qmux.te \
+        rild.te \
        rmt.te \
        sensors.te \
        surfaceflinger.te \
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@ -0,0 +1,5 @@
+userdebug_or_eng(`
+  allow rild diag_device:chr_file rw_file_perms;
+')
+
+qmux_socket(rild)