From 98a7fdc4b27325d1fb2141f9bbac604efd26648c Mon Sep 17 00:00:00 2001
From: Lili Lin
Date: Sat, 18 Jan 2020 09:51:11 +0800
Subject: [PATCH] [ALPS03934986] Fix Selinux issue
[Detail] Command chown system system /mnt/vendor/nvcfg action=post-fs-data (/vendor/etc/init/hw/init.mt6739.rc:138) took 1ms and failed: lchown() failed: Permission denied
[Solution] Add unlabeled permission for vendor_init
MTK-Commit-Id: 511397f101d5d63593199c212888e674e661199d
Change-Id: Ia22badf945b52f76be3176f3081ada35aaada17b
CR-Id: ALPS03934986
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/vendor_init.te | 4 ++--
 non_plat/zygote.te | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/non_plat/vendor_init.te b/non_plat/vendor_init.te
index 226b53d..c5f8e32 100644
--- a/non_plat/vendor_init.te
+++ b/non_plat/vendor_init.te
@@ -8,7 +8,7 @@ allow vendor_init mtk_md_version_prop:property_service set;
 allow vendor_init mtk_volte_prop:property_service set;
 allow vendor_init usp_prop:property_service set;
 allow vendor_init vendor_radio_prop:property_service set;
-
+allow vendor_init wmt_prop:property_service set;
 allow vendor_init proc:file write;
 allow vendor_init proc_bootprof:file write;
@@ -16,7 +16,7 @@ allow vendor_init rootfs:dir { write add_name setattr };
 allow vendor_init self:capability sys_module;
 allow vendor_init tmpfs:dir { write create add_name };
-
+allow vendor_init unlabeled:dir { relabelfrom getattr setattr search };
 allow vendor_init vendor_file:system module_load;
 allow vendor_init kmsg_device:chr_file unlink;
diff --git a/non_plat/zygote.te b/non_plat/zygote.te
index 416727b..68e8971 100644
--- a/non_plat/zygote.te
+++ b/non_plat/zygote.te
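Review bot: The rule `allow vendor_init wmt_prop:property_service set;` added in the first hunk of non_plat/vendor_init.te is not explained anywhere. The commit description covers only the lchown() denial on /mnt/vendor/nvcfg, and the same gap applies to the two zygote rules added in non_plat/zygote.te. Each new grant should carry a short comment in the style zygote.te already uses, for example `# Purpose: <what sets wmt_prop and why>`, so a later audit can tell which grants are still needed. The rule also replaces the blank line that separated the property_service rules from the proc rules; keeping that separator would preserve the grouping.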
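Review bot: `allow vendor_init unlabeled:dir { relabelfrom getattr setattr search };` in the second non_plat/vendor_init.te hunk is not limited to /mnt/vendor/nvcfg, because `unlabeled` matches every directory whose security context is missing or invalid. The failure quoted in the description is a chown, which corresponds to `setattr`; whether `relabelfrom`, `getattr` and `search` were also denied is not shown. A tighter fix would give the nvcfg mount point its own type in file_contexts, relabel it before the chown runs, and allow `setattr` on that type only. If the unlabeled rule has to stay, reduce it to the permissions actually seen in the audit log, for example `allow vendor_init unlabeled:dir setattr;`, with a comment naming the path.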
@@ -10,3 +10,6 @@ allow zygote proc_ged:file {open read write ioctl getattr};
 # Purpose: Allow to access gpu for memtrack functions
 allow zygote gpu_device:dir search;
 allow zygote gpu_device:chr_file { open read write ioctl getattr};
+
+allow zygote proc_bootprof:file rw_file_perms;
+allow zygote proc_uptime:file rw_file_perms;
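Review bot: The two added rules give zygote `rw_file_perms` on both `proc_bootprof` and `proc_uptime`, which is probably wider than needed for the domain that app processes are forked from. Write access to an uptime node looks unnecessary; if only reads were denied, `allow zygote proc_uptime:file r_file_perms;` is enough. The bootprof rule could likewise be cut to the access actually logged, given that vendor_init in this same patch is allowed only `write` on `proc_bootprof`. The denial lines that motivated these rules are not in the commit description, so the minimal set cannot be confirmed from here.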