replicant-vendor_replicant/sepolicy
myfluxi 8501771607 sepolicy: Make superuser_device and sudaemon mlstrustedobjects
Address:
avc: denied { write } for pid=8782 comm="su" name="su-daemon" dev="tmpfs" ino=9462
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:superuser_device:s0
tclass=sock_file permissive=0

avc: denied { connectto } for pid=6666 comm="su" path="/dev/socket/su-daemon/su-daemon"
scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:sudaemon:s0
tclass=unix_stream_socket permissive=0

And thus fix su.

Change-Id: I666277067c5ff9f2a985c243075c63fd87090b27
2015-11-05 23:53:50 +01:00
..
qcom sepolicy: allow vold to trim persist 2015-09-30 14:04:23 -07:00
adbd.te sepolicy: Fix permissions for service.adb.tcp.port 2014-12-01 20:36:13 +00:00
app.te sepolicy: Apps need to read themed resources 2015-01-14 15:55:41 +00:00
auditd.te
bootanim.te sepolicy: Apps need to read themed resources 2015-01-14 15:55:41 +00:00
drmserver.te sepolicy: Let drmserver scan themes 2015-01-25 11:02:24 -08:00
file_contexts vendor/cm: Fix up service contexts for sepolicy. 2015-10-16 13:20:33 -07:00
file.te cm: sepolicy: Create standard policy for LiveDisplay 2015-09-15 15:31:19 -07:00
genfs_contexts
healthd.te selinux: Fix healthd's access to /dev nodes 2014-11-27 22:57:21 +00:00
hostapd.te vendor: add policies for netd 2014-11-29 23:33:52 -08:00
installd.te
livedisplay.te cm: sepolicy: Create standard policy for LiveDisplay 2015-09-15 15:31:19 -07:00
mac_permissions.xml sepolicy: Allow CMUpdater/uncrypt access to recovery_cache_file 2015-02-21 17:21:47 -05:00
mediaserver.te sepolicy: Apps need to read themed resources 2015-01-14 15:55:41 +00:00
netd.te vendor: add policies for netd 2014-11-29 23:33:52 -08:00
property_contexts sepolicy: allow userinit to set its property 2015-02-09 21:03:35 +00:00
property.te sepolicy: allow userinit to set its property 2015-02-09 21:03:35 +00:00
recovery.te sepolicy: Allow recovery to set system properties 2015-08-05 17:54:33 -07:00
seapp_contexts sepolicy: Allow CMUpdater/uncrypt access to recovery_cache_file 2015-02-21 17:21:47 -05:00
sepolicy.mk sepolicy: remove BOARD_SEPOLICY_UNION 2015-10-07 12:49:00 -07:00
service_contexts perf: Moving PerformanceManager to CMSDK 2015-11-03 18:55:49 -08:00
service.te perf: Moving PerformanceManager to CMSDK 2015-11-03 18:55:49 -08:00
shell.te Allow SystemServer to set service.adb.tcp.* properties 2014-11-29 09:01:56 -08:00
su.te sepolicy: Make superuser_device and sudaemon mlstrustedobjects 2015-11-05 23:53:50 +01:00
sysinit.te sepolicy: Permissions for userinit 2015-03-17 12:12:59 +00:00
system_app.te sepolicy: Allow system app to set boot anim property 2015-09-21 18:16:18 -07:00
system_server.te cm: SELinux policy for persistent properties API 2015-09-09 11:53:23 -07:00
system.te cm: Remove duplicate SEPolicy items 2015-10-31 02:08:33 -07:00
ueventd.te
uncrypt.te sepolicy: Allow CMUpdater/uncrypt access to recovery_cache_file 2015-02-21 17:21:47 -05:00
userinit.te sepolicy: Permissions for userinit 2015-03-17 12:12:59 +00:00
vold.te sepolicy: Allow vold to create tmpfs files for asec containers 2015-02-19 10:55:07 -05:00
zygote.te cm: Fix a few denials 2015-09-19 22:49:20 -07:00