Add sepolicy for lowi-server

06-24 16:58:55.724 9519 9519 I lowi-server: type=1400 audit(0.0:1980): avc: denied { read write } for path="socket:[69473]" dev="sockfs" ino=69473 scontext=u:r:lowi_server:s0 tcontext=u:r:vendor_location:s0 tclass=unix_dgram_socket permissive=1 Bug: 235281415 Test: avc error is gone Change-Id: I93615b98c08f6e6e5c3cc182bddcff30e452e103
2022-06-24 17:07:25 +08:00
parent 9a67905169
commit 101db9756d
2 changed files with 1 additions and 3 deletions
--- a/tracking_denials/lowi_server.te
+++ b/tracking_denials/lowi_server.te
@@ -1,2 +0,0 @@
-# b/235281415
-dontaudit lowi_server vendor_location:unix_dgram_socket { read write };
--- a/vendor/lowi_server.te
+++ b/vendor/lowi_server.te
@@ -10,7 +10,7 @@ allow lowi_server self:netlink_route_socket create_socket_perms_no_ioctl;
 ## lowi-server
 ##############
 allow lowi_server vendor_location:fd use;
-allow lowi_server vendor_location:unix_dgram_socket sendto;
+allow lowi_server vendor_location:unix_dgram_socket {sendto read write};

 # some additional network access
 allow lowi_server self:netlink_generic_socket create_socket_perms_no_ioctl;