Add 'system' to update_verifier's gid (0ad2de5e) · Commits · Android-smartphones / realme / realme 5pro / kaderbava / foxrecovery_bootable_recovery

Commit 0ad2de5e authored Apr 18, 2017 by Tianjie Xu

Add 'system' to update_verifier's gid

This addresses the denial to /dev/cpuset/tasks:
update_verifier: type=1400 audit(0.0:377): avc: denied { dac_override }
for capability=1 scontext=u:r:update_verifier:s0
tcontext=u:r:update_verifier:s0 tclass=capability permissive=1

update_verifier: type=1400 audit(0.0:378): avc: granted { write } for
name="tasks" dev="cgroup" ino=5 scontext=u:r:update_verifier:s0
tcontext=u:object_r:cgroup:s0 tclass=file

Bug: 37358323
Test: denial message gone after adding system group
Change-Id: I66b4925295a13fbc1c6f26a1bb9bd2f9cebcec3d

parent 1b28a27c

Hide whitespace changes

Inline Side-by-side

Please register or to comment