Add sepolicy for vendor_location

06-25 21:59:57.532 3922 3922 I auditd : type=1400 audit(0.0:11): avc: denied { sendto } for comm="loc_mq_clnt" path="/dev/socket/location/mq/LOWI-SERVER" scontext=u:r:vendor_location:s0 tcontext=u:r:lowi_server:s0 tclass=unix_dgram_socket permissive=0 06-29 04:30:11.188 8182 8182 I auditd : type=1400 audit(0.0:1517): avc: denied { sendto } for comm="loc_mq_clnt" path="/dev/socket/location/mq/7b2e9924f8-LC" scontext=u:r:vendor_location:s0 tcontext=u:r:hal_wifi_ext:s0 tclass=unix_dgram_socket permissive=0 Bug: 237467750 Test: avc error is gone Change-Id: Ic4ff2bdf30b042c08c38b134c6af086d7033511f
2022-06-29 15:01:15 +08:00
parent b9be0516dc
commit 4d4fd451a6
2 changed files with 4 additions and 1 deletions
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,3 +1,2 @@
 hal_radioext_default hal_bluetooth_default binder b/234311798
 init-insmod-sh init-insmod-sh capability b/234311675
-vendor_location lowi_server unix_dgram_socket b/237467750
--- a/vendor/vendor_location.te
+++ b/vendor/vendor_location.te
@@ -13,3 +13,7 @@ allow vendor_location vendor_location_socket:dir rw_dir_perms;

 # /sys/devices/soc0/soc_id
 allow vendor_location vendor_location_sysfs:file create_file_perms;
+
+# /dev/socket/location/mq/*
+allow vendor_location lowi_server:unix_dgram_socket {sendto read write};
+allow vendor_location hal_wifi_ext:unix_dgram_socket {sendto read write};