From 29666d125f99266afb408553fc9b4bb00da2373c Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 13 Nov 2017 08:08:17 -0800
Subject: [PATCH] Add tracking bugs to denials

These denials should not be allowed. Adding a bug number to the
denial properly attributes them to a bug.

Bug: 69197466
avc: denied { fsetid } for comm="update_engine" capability=4
scontext=u:r:update_engine:s0 tcontext=u:r:update_engine:s0
tclass=capability

Bug: 62140539
avc: denied { open }
path="/data/system_de/0/spblob/17a358cf8dff62ea.weaver"
scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0
tclass=file
avc: denied { unlink } for name="17a358cf8dff62ea.weaver"
scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0
tclass=file

Bug: 69175449
avc: denied { read } for name="pipe-max-size" dev="proc"
scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file

Test: build
Change-Id: I62dc26a9076ab90ea4d4ce1f22e9b195f33ade16
---
 private/bug_map | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/private/bug_map b/private/bug_map
index 8f28a660f..26d25e7df 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1 +1,5 @@
 priv_app firstboot_prop file 63801215
+update_engine update_engine capability 69197466
+vold system_data_file file 62140539
+system_server proc file 69175449
+system_server vendor_framework_file dir 68826235
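Review bot: the last added line, `system_server vendor_framework_file dir 68826235`, has no matching `Bug:` entry or avc denial in the commit message, which documents only 69197466, 62140539 and 69175449. Please add the denial behind 68826235 to the message, or move that entry to its own change, so the mapping can be checked against a log line like the other three. Separately, the entries carry no permission field, so `vold system_data_file file 62140539` is keyed on the same three values for both the `open` and the `unlink` denial quoted above; if that breadth is intended, say so in the message.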
-- 
GitLab