From 5cd4b4eee6bcc51a4d3170794366b3c514170480 Mon Sep 17 00:00:00 2001
From: minaripenguin
Date: Wed, 6 Sep 2023 21:41:41 +0800
Subject: [PATCH] Allow system server to access tmpfs files
* For some reasons CachedAppOptimizer is throwing these kinds of denials [1] it wont probably hurt to allow access to tmpfs files since system server already have access to app domain and zygote tmpfs
[1] avc: denied { write } for comm="CachedAppOptimi" dev="tmpfs" ino=34884 scontext=u:r:system_server:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=0
avc: denied { write } for comm="CachedAppOptimi" dev="tmpfs" ino=16233 scontext=u:r:system_server:s0 tcontext=u:object_r:zygote_tmpfs:s0 tclass=file permissive=0
Signed-off-by: minaripenguin
Signed-off-by: Pranav Temkar
Change-Id: I9207deadabb3bb4dc75be5215e32719a4346d1ca
---
 private/system_server.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/private/system_server.te b/private/system_server.te
index 10b2127ebf..c9f2bed8cb 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -22,7 +22,8 @@ type_transition system_server system_data_file:sock_file system_ndebug_socket "n
 # Create a socket for connections from zygotes.
 type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
-allow system_server zygote_tmpfs:file { map read };
+allow system_server tmpfs:file { map read write };
+allow system_server zygote_tmpfs:file { map read write };
 allow system_server appdomain_tmpfs:file { getattr map read write };
 # For Incremental Service to check if incfs is available
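Review bot: The two added `allow` lines grant `write` on the generic `tmpfs` type and on `zygote_tmpfs`, which the removed rule had kept at `{ map read }`; the commit message's justification that system_server "already have access" to zygote tmpfs covers read access, not write. `tmpfs` is the label for any tmpfs file that received no type transition, so the rule is not scoped to whatever CachedAppOptimizer touches, and the quoted denials give only inode numbers, not which files these are or whether the write is functionally needed. If the denial turns out to be only an access probe and compaction works without it (to be confirmed), the narrower change is to keep the old rule and add `dontaudit system_server { tmpfs zygote_tmpfs }:file write;`. Either way, the change should be built against the tree's neverallow rules and carry a comment naming the caller, e.g. `# CachedAppOptimizer: <reason write is required>`.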