Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 17caa229a84680d79512812f8ab1d228b1cd3beb^! / . / private / traced_perf.te
commit17caa229a84680d79512812f8ab1d228b1cd3beb[log] [tgz]
authorRyan Savitski <rsavitski@google.com>Tue Feb 21 16:19:29 2023 +0000
committerRyan Savitski <rsavitski@google.com>Tue Feb 21 16:31:42 2023 +0000
treed74fa23cbcbce5b65786f4872f042a7c03bc7272
parent300f93bf5a17dc98e85c6141ac5215cfd3d9583c [diff] [blame]
Correct hal_configstore label used in profiler rules

hal_configstore_server is what we want to exclude to avoid conflicting
with public/hal_configstore.te neverallows on socket operations. I used
the wrong label in aosp/2419280, but it happened to also cover
hal_configstore_server in the final device sepolicy.

The logical error was caught by CtsSecurityHostTestCases:
  Warning!  Type or attribute hal_configstore used in neverallow
  undefined in policy being checked

Bug: 247858731
Bug: 269707771
Tested: built panther-user
Change-Id: I244e597939478d75f8437e82ff854a5d96c32a87

diff --git a/private/traced_perf.te b/private/traced_perf.te
index 080b6fe..31fa620 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te

@@ -67,7 +67,7 @@
   app_zygote
   bpfloader
   diced
-  hal_configstore
+  hal_configstore_server
   init
   kernel
   keystore