sm7250-common:address some denials

Signed-off-by: revolwoc <imsakshisharma04@gmail.com> Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
2022-05-06 09:54:03 +05:30
parent c7d4e3aca5
commit 850517a1cd
3 changed files with 19 additions and 0 deletions
--- a/sepolicy/private/untrusted_app.te
+++ b/sepolicy/private/untrusted_app.te
@@ -0,0 +1,6 @@
+get_prop(untrusted_app, virtual_ab_prop);
+
+allow untrusted_app exported_camera_prop:file { read };
+allow untrusted_app proc_net:file { read open getattr };
+allow untrusted_app app_data_file:file { execute };
+dontaudit untrusted_app proc:file { read };
--- a/sepolicy/vendor/untrusted_app.te
+++ b/sepolicy/vendor/untrusted_app.te
@@ -10,3 +10,10 @@ allow untrusted_app proc_max_map_count:file { getattr open read };
 allow untrusted_app proc_version:file { getattr open read };
 allow untrusted_app proc_zoneinfo:file { getattr open read };
 allow untrusted_app vendor_file:file { execute getattr map open read };
+
+# dontaudit
+dontaudit untrusted_app proc_zoneinfo: file { read };
+dontaudit untrusted_app system_lib_file:file { execmod };
+dontaudit untrusted_app proc_version:file { read };
+allow untrusted_app proc_net_tcp_udp:file { read };
+allow untrusted_app rootfs:dir { read };
--- a/sepolicy/vendor/untrusted_app_29.te
+++ b/sepolicy/vendor/untrusted_app_29.te
@@ -7,3 +7,9 @@ allow untrusted_app_29 vendor_sysfs_kgsl:file { getattr  open  read };
 allow untrusted_app_29 hal_camera_default:binder { call };
 allow untrusted_app_29 vendor_xdsp_device:chr_file { ioctl };
 allow untrusted_app_29 zygote:unix_stream_socket { getopt };
+
+dontaudit untrusted_app_29 cgroup:file read;
+allow untrusted_app_29 proc_qtaguid_stat:file { read open getattr };
+allow untrusted_app_29 proc_zoneinfo:file { read open getattr };
+dontaudit untrusted_app_29 proc:file read;
+allow untrusted_app_29 app_data_file:file { execute };