From 6d58bd23b5b9466a9994d7a108a5fbef69863537 Mon Sep 17 00:00:00 2001
From: Bruno Martins
Date: Thu, 29 Jun 2017 08:47:55 +0000
Subject: [PATCH] msm8976-common: Grant rmt_storage proper unix perms
Do not grant DAC override permission which would allow this daemon unix permissions to everything.
avc: denied { dac_override } for pid=2664 comm="rmt_storage" capability=1 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0
Add wakelock group to access: /sys/power/wake_lock
-rw-rw---- 1 radio wakelock 4096 2017-06-28 00:37 wake_unlock
Change-Id: Ib02b4aedab479f5ad8aca3a2100b5c489397002a
---
 rootdir/etc/init.qcom.rc | 1 +
 sepolicy/rmt_storage.te | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index 45a7e0b..c01a8b4 100644
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -1371,6 +1371,7 @@ service irsc_util /system/bin/irsc_util "/etc/sec_config"
 service rmt_storage /system/bin/rmt_storage
 class core
 user root
+ group wakelock
 writepid /dev/cpuset/system-background/tasks
 service tftp_server /system/bin/tftp_server
diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te
index a9a340f..2fc2dac 100644
--- a/sepolicy/rmt_storage.te
+++ b/sepolicy/rmt_storage.te
@@ -1,3 +1,3 @@
-allow rmt_storage self:capability { dac_override net_raw };
+allow rmt_storage self:capability net_raw;
 set_prop(rmt_storage, rmt_storage_prop)
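Review bot: In rootdir/etc/init.qcom.rc the rmt_storage stanza keeps `user root`, so the added `group wakelock` line matters only while SELinux denies dac_override, and nothing in the rc file records that dependency. I would put a comment above the new line, for example `# wakelock group replaces dac_override for /sys/power/wake_lock and wake_unlock`, so the group is not later dropped as redundant for a root service. The commit message names /sys/power/wake_lock but its listing shows wake_unlock, so it is worth confirming that both nodes are group-writable by wakelock. Whether the daemon could run as a non-root user is not visible from this hunk.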
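Review bot: The changed allow rule in sepolicy/rmt_storage.te drops dac_override but leaves nothing to stop it from coming back, since allow rules are additive and a later audit2allow pass or another policy directory in the build could grant it again. Adding `neverallow rmt_storage self:capability dac_override;` beside the allow line would turn a regression into a build failure, assuming no other policy source in this tree already grants it. A short comment such as `# DAC access comes from supplementary groups in init.qcom.rc, not dac_override` would record the intent. net_raw is retained with no reason given in the visible lines, so a one-line comment on why the daemon needs it would help the next review.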