Skip to content
Snippets Groups Projects
Commit c4021ceb authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Address adb backup/restore denials.


Resolves the following denials seen during an adb backup and restore
sequence.

<5>[   90.247039] type=1400 audit(1388759567.693:16): avc:  denied  { getopt } for  pid=3503 comm="Thread-149" scontext=u:r:system_server:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket
<5>[   90.249176] type=1400 audit(1388759567.703:17): avc:  denied  { getopt } for  pid=2334 comm="app_process" scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket

Change-Id: I1f6f90f29eecc32ee692764b04b812988f099cde
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent aef19ebf
No related branches found
No related tags found
No related merge requests found
...@@ -23,9 +23,10 @@ allow domain init:fd use; ...@@ -23,9 +23,10 @@ allow domain init:fd use;
allow domain system_server:fd use; allow domain system_server:fd use;
# Connect to adbd and use a socket transferred from it. # Connect to adbd and use a socket transferred from it.
# This is used for e.g. adb backup/restore.
allow domain adbd:unix_stream_socket connectto; allow domain adbd:unix_stream_socket connectto;
allow domain adbd:fd use; allow domain adbd:fd use;
allow domain adbd:unix_stream_socket { getattr read write shutdown }; allow domain adbd:unix_stream_socket { getattr getopt read write shutdown };
### ###
### Talk to debuggerd. ### Talk to debuggerd.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment