Annotate denials

There is a race condition between when /data is mounted
and when processes attempt to access it. Attempting to access
/data before it's mounted causes an SELinux denial. Attribute
these denials to a bug.

07-04 23:48:53.646 503 503 I auditd : type=1400 audit(0.0:7): avc:
denied { search } for comm="surfaceflinger" name="/" dev="sda35" ino=2
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:unlabeled:s0
tclass=dir permissive=0
07-15 17:41:18.100 582 582 I auditd : type=1400 audit(0.0:4): avc:
denied { search } for comm="BootAnimation" name="/" dev="sda35" ino=2
scontext=u:r:bootanim:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
permissive=0
Bug: 68864350
Test: build
Change-Id: I07f751d54b854bdc72f3e5166442a5e21b3a9bf5
diff --git a/private/bug_map b/private/bug_map
index 8b31001..2b970dd 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -5,3 +5,7 @@
crash_dump bluetooth_data_file dir 68319037
crash_dump vendor_overlay_file dir 68319037
statsd statsd capability 71537285
+hal_graphics_allocator_default unlabeled dir 70180742
+surfaceflinger unlabeled dir 68864350
+hal_graphics_composer_default unlabeled dir 68864350
+bootanim unlabeled dir 68864350
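Review bot: the added hal_graphics_allocator_default line points at bug 70180742, which the commit message never mentions; its only trailer is "Bug: 68864350", and the two sample denials cover surfaceflinger and bootanim only. Please either add a "Bug: 70180742" trailer and sample avc lines for hal_graphics_allocator_default and hal_graphics_composer_default, or move those two entries to a change that documents them, so each mapping can be checked against an observed denial. Also note that each entry matches on source domain, unlabeled and class dir with no permission field, so any dir denial on an unlabeled target from these four domains will be attributed to these bugs, not only the { search } on "/" shown in the message. It is worth saying in the message that this is intended and that the entries should be dropped once the mount ordering race is fixed.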