Adds sepolicy for Google VHAL.

Bug: b/138677476

Test: Runs Google VHAL emulator. The emulator is able to open a socket.

Fixed denials:
avc: denied { connectto } for comm="vehicle@2.0-ser" path="/dev/socket/fwmarkd" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=1
avc: denied { write } for comm="vehicle@2.0-ser" name="fwmarkd" dev="tmpfs" ino=2517 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:fwmarkd_socket:s0 tclass=sock_file permissive=1
avc: denied { accept } for comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { bind } for comm="android.hardwar" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { connectto } for path="/dev/socket/fwmarkd" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=1
avc: denied { create } for comm="android.hardwar" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { listen } for comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { node_bind } for comm="android.hardwar" src=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:node:s0 tclass=tcp_socket permissive=1
avc: denied { write } for name="fwmarkd" dev="tmpfs" ino=2517 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:fwmarkd_socket:s0 tclass=sock_file permissive=1
avc: denied { accept } for comm="vehicle@2.0-ser" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { accept } for lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { read } for comm="vehicle@2.0-ser" path="socket:[2844]" dev="sockfs" ino=2844 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { read } for path="socket:[2844]" dev="sockfs" ino=2844 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1

Change-Id: Ia94276f09706c9059fa5bd9b3145af3885adb9ae
1 file changed
tree: 78707fc093033feb28e29ebfd309fc53bbfd02c5
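For review purposes, the "Fixed denials" list in the commit message can be collapsed into the minimal set of accesses it implies. The following is an added example, not code from this commit or the AOSP tree: it groups a subset of the denials quoted above by source type, target type and class, and prints candidate allow rules to compare against the actual policy change. The rule text it emits is illustrative and is not the policy this commit added.

```python
import re
from collections import defaultdict

# Denials copied from the commit message above (a subset, including a repeat).
SAMPLE = """\
avc: denied { connectto } for comm="vehicle@2.0-ser" path="/dev/socket/fwmarkd" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket permissive=1
avc: denied { write } for comm="vehicle@2.0-ser" name="fwmarkd" dev="tmpfs" ino=2517 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:fwmarkd_socket:s0 tclass=sock_file permissive=1
avc: denied { accept } for comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { bind } for comm="android.hardwar" scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
avc: denied { node_bind } for comm="android.hardwar" src=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:object_r:node:s0 tclass=tcp_socket permissive=1
avc: denied { accept } for lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
"""

# Pull the permission set, the type field of each context, the class and the permissive flag.
AVC = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=\w+:\w+:(?P<src>\w+):\S+\s+"
    r"tcontext=\w+:\w+:(?P<tgt>\w+):\S+\s+"
    r"tclass=(?P<cls>\w+)(?:\s+permissive=(?P<perm>[01]))?"
)

def summarize(log):
    """Group denials by (source type, target type, class); return (rules, permissive_only)."""
    perms = defaultdict(set)
    permissive_only = True
    for m in AVC.finditer(log):
        perms[m["src"], m["tgt"], m["cls"]].update(m["perms"].split())
        permissive_only &= m["perm"] == "1"
    rules = []
    for (src, tgt, cls), p in sorted(perms.items()):
        target = "self" if tgt == src else tgt  # same-domain access is written as "self"
        body = next(iter(p)) if len(p) == 1 else "{ " + " ".join(sorted(p)) + " }"
        rules.append(f"allow {src} {target}:{cls} {body};")
    return rules, permissive_only

if __name__ == "__main__":
    rules, permissive_only = summarize(SAMPLE)
    print("\n".join(rules))
    print("all denials logged in permissive mode:", permissive_only)
```

Every denial in the commit message carries permissive=1, meaning the access was logged but not blocked when the log was captured, so the grouped output shows what enforcing mode would have stopped.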
README.md

Native (C++) code must be formatted to comply with the .clang-format file. Run:

git clang-format --style=file --extension='h,cpp,cc' HEAD~

Note that clang-format is not desirable for Android Java files, so the command line above is limited to specific extensions.