openharmony/security_selinux
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_selinux synced 2024-11-23 13:30:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add:wq

Browse Source 
Signed-off-by: qy136 <18772452388@163.com>
This commit is contained in:
qy136 2023-06-20 15:00:53 +08:00
parent 5ffa5404aa
commit 0f7a0ff510
2 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sepolicy/ohos_policy/update/updater/system/ueventd.te
View File

@ -62,4 +62,7 @@ allow ueventd system_etc_file:lnk_file { read };
# avc: denied { relabelto } for pid=226 comm="ueventd" name="xpm" dev="tmpfs" ino=193 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_xpm:s0 tclass=chr_file permissive=1
allow ueventd dev_xpm:chr_file { relabelto };
# avc: denied { create } for pid=234 comm="ueventd" name="by-name" scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_block_volfile:s0 tclass=dir permissive=1
allow ueventd dev_block_volfile:dir { create };
')

27
sepolicy/ohos_policy/update/updater/system/updater.te
View File

@ -361,4 +361,31 @@ allow updater vfat:file { map };
allow updater data_file:dir { setattr relabelto };
allow updater unlabeled:dir { getattr relabelfrom };
# avc: denied { relabelto } for pid=235 comm="updater" name="/" dev="mmcblk0p12" ino=3 scontext=u:r:updater:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
# avc: denied { setattr } for pid=235 comm="updater" name="updater" dev="mmcblk0p12" ino=7 scontext=u:r:updater:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
allow updater data_file:dir { relabelto setattr };
# avc: denied { append } for pid=235 comm="updater" path="/data/updater/log/updater_log" dev="mmcblk0p12" ino=9 scontext=u:r:updater:s0 tcontext=u:object_r:data_file:s0 tclass=file permissive=1
allow updater data_file:file { append };
# avc: denied { getattr } for pid=235 comm="updater" path="/data" dev="mmcblk0p12" ino=3 scontext=u:r:updater:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
# avc: denied { relabelfrom } for pid=235 comm="updater" name="/" dev="mmcblk0p12" ino=3 scontext=u:r:updater:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
allow updater unlabeled:dir { getattr relabelfrom };
# avc: denied { setattr } for pid=249 comm="updater" name="updater" dev="mmcblk0p12" ino=144 scontext=u:r:updater:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
allow updater data_updater_file:dir { setattr };
# avc: denied { ioctl } for pid=233 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x6409 scontext=u:r:updater:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
# avc: denied { ioctl } for pid=233 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x64af scontext=u:r:updater:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
allowxperm updater dev_dri_file:chr_file ioctl { 0x6409 0x64af };
# avc: denied { relabelto } for pid=232 comm="updater" name="updater_binary" dev="tmpfs" ino=5 scontext=u:r:updater:s0 tcontext=u:object_r:updater_binary_exec:s0 tclass=file permissive=1
allow updater updater_binary_exec:file { relabelto };
# avc: denied { ioctl } for pid=239 comm="updater" path="/dev/block/mmcblk0p14" dev="tmpfs" ino=151 ioctlcmd=0x1277 scontext=u:r:updater:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
allow updater dev_block_file:blk_file { ioctl };
# avc: denied { ioctl } for pid=239 comm="updater" path="/dev/block/mmcblk0p14" dev="tmpfs" ino=151 ioctlcmd=0x1277 scontext=u:r:updater:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
allowxperm updater dev_block_file:blk_file ioctl { 0x1277 };
')