openharmony/security_selinux
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_selinux synced 2024-11-23 05:19:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!2551 修改 av_codec 部件策略

Browse Source 
Merge pull request !2551 from WestYao/dev_why_2
This commit is contained in:
openharmony_ci 2023-06-26 11:25:17 +00:00 committed by Gitee
commit f8cdc9aa89
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
sepolicy/ohos_policy/multimedia/av_codec/system/av_codec_service.te
View File

@ -78,12 +78,34 @@ allow av_codec_service node:udp_socket { node_bind };
# avc: denied { name_connect } for pid=546 comm="av_codec_servic" dest=443 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket permissive=1
allow av_codec_service port:tcp_socket { name_connect };
# avc: denied { getattr } for pid=548 comm="omx_msg_hdl" path="/proc/version" dev="proc" ino=4026532114 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:proc_version_file:s0 tclass=file permissive=1
# avc: denied { open } for pid=548 comm="omx_msg_hdl" path="/proc/version" dev="proc" ino=4026532114 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:proc_version_file:s0 tclass=file permissive=1
# avc: denied { read } for pid=548 comm="omx_msg_hdl" name="version" dev="proc" ino=4026532114 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:proc_version_file:s0 tclass=file permissive=1
allow av_codec_service proc_version_file:file { getattr open read };
# avc: denied { open } for pid=548 comm="omx_msg_hdl" path="/sys/firmware/devicetree/base/compatible" dev="sysfs" ino=15 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=1
# avc: denied { read } for pid=548 comm="omx_msg_hdl" name="compatible" dev="sysfs" ino=15 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=1
allow av_codec_service sys_file:file { open read };
# avc: denied { map } for pid=577 comm="IPC_2_1400" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=60 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
# avc: denied { open } for pid=577 comm="IPC_2_1400" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=60 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
# avc: denied { read } for pid=577 comm="IPC_2_1400" name="u:object_r:sys_param:s0" dev="tmpfs" ino=60 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
allow av_codec_service sys_param:file { map open read };
# avc: denied { search } for pid=548 comm="av_codec_servic" name="etc" dev="mmcblk0p8" ino=16 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1
allow av_codec_service vendor_etc_file:dir { search };
# avc: denied { getattr } for pid=548 comm="av_codec_servic" path="/vendor/etc/hdfconfig/hdf_default.hcb" dev="mmcblk0p8" ino=36 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
# avc: denied { open } for pid=548 comm="av_codec_servic" path="/vendor/etc/hdfconfig/hdf_default.hcb" dev="mmcblk0p8" ino=36 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
# avc: denied { read } for pid=548 comm="av_codec_servic" name="hdf_default.hcb" dev="mmcblk0p8" ino=36 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
allow av_codec_service vendor_etc_file:file { getattr open read };
# avc: denied { call } for pid=1648 comm="av_codec_servic" scontext=u:r:av_codec_service:s0 tcontext=u:r:codec_host:s0 tclass=binder permissive=1
# avc: denied { transfer } for pid=1648 comm="IPC_3_1816" scontext=u:r:av_codec_service:s0 tcontext=u:r:codec_host:s0 tclass=binder permissive=1
allow av_codec_service codec_host:binder { call transfer };
# avc: denied { search } for pid=1648 comm="IPC_3_1816" name="/" dev="mmcblk0p14" ino=3 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
allow av_codec_service data_file:dir { search };
# avc: denied { get } for service=codec_component_manager_service pid=2561 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:hdf_codec_component_manager_service:s0 tclass=hdf_devmgr_class permissive=0
allow av_codec_service hdf_codec_component_manager_service:hdf_devmgr_class { get };
# avc: denied { search } for pid=1648 comm="IPC_3_1816" name="/" dev="mmcblk0p14" ino=3 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
allow av_codec_service data_file:dir { search };