sepolicy : add rule to allow dpmd self kill

add self kill rule to kill dpmd child process
which executes iptable commands.

denial:
dpmd    : type=1400 audit(0.0:56633): avc: denied { kill }
for capability=5 scontext=u:r:dpmd:s0 tcontext=u:r:dpmd:s0
tclass=capability permissive=1

CRs-Fixed: 2490550
Change-Id: I4cc1f23a8c3ba37e33fd02c729c2f4d2a7eea4d4
Pavan Kumar M
2019-07-15 16:13:53 +05:30
parent 8a996616fd
commit a0bc72f6d9


@@ -70,3 +70,5 @@ dpmd_socket_perm(untrusted_app_25)
dpmd_socket_perm(platform_app)
#allow dpmd to write to /proc/net/sys
allow dpmd proc_net:file write;
#self kill rule to kill dpmd child process which executes iptable commands
allow dpmd self:capability kill;
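
Review bot: The comment above `allow dpmd self:capability kill;` calls this a "self kill rule", but the rule grants CAP_KILL (capability=5 in the quoted denial), which lets every process in the dpmd domain bypass the kernel's uid check when sending a signal; it is not limited to the child that runs the iptables commands. Please reword the comment to say that CAP_KILL is being granted and why it is needed, that is, which uid the child runs under that differs from the parent's. If the child can be started under the same uid as dpmd, the signal passes the uid check without the capability and this line can be dropped. If the capability has to stay, state in the commit message that the set of processes dpmd can signal is still bounded by the `process` class signal permissions in policy, so the next reviewer can see the intended scope.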