ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Read selinux_denial_metadata from /vendor

Browse source 
selinux_denial_metadata contains device-specific information, so it is
being moved to /vendor.

Bug: 5159394
Test: bug information is still preserved in avc logs, e.g.
audit(0.0:248): avc: denied { read } for
name="u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=18012
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=0
b/79617173 app=com.android.systemui
Change-Id: I23293e715b5d793a54466a128ccd57f44370cf5a
This commit is contained in:
Tri Vo 2019-01-23 09:58:35 -08:00
parent 23a40c7b16
commit 57b2e8cd01
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
logd/LogAudit.cpp
View file

@ -111,7 +111,7 @@ static inline bool hasMetadata(char* str, int str_len) {
}
std::map<std::string, std::string> LogAudit::populateDenialMap() {
std::ifstream bug_file("/system/etc/selinux/selinux_denial_metadata");
std::ifstream bug_file("/vendor/etc/selinux/selinux_denial_metadata");
std::string line;
// allocate a map for the static map pointer in auditParse to keep track of,
// this function only runs once