Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0ad2de5e authored by Tianjie Xu's avatar Tianjie Xu
Browse files

Add 'system' to update_verifier's gid 

This addresses the denial to /dev/cpuset/tasks:
update_verifier: type=1400 audit(0.0:377): avc: denied { dac_override }
for capability=1 scontext=u:r:update_verifier:s0
tcontext=u:r:update_verifier:s0 tclass=capability permissive=1

update_verifier: type=1400 audit(0.0:378): avc: granted { write } for
name="tasks" dev="cgroup" ino=5 scontext=u:r:update_verifier:s0
tcontext=u:object_r:cgroup:s0 tclass=file

Bug: 37358323
Test: denial message gone after adding system group
Change-Id: I66b4925295a13fbc1c6f26a1bb9bd2f9cebcec3d
parent 1b28a27c

update_verifier/update_verifier.rc

+2 −2
Original line number Diff line number Diff line 
service update_verifier_nonencrypted /system/bin/update_verifier nonencrypted

    user root

    group cache

    group cache system

    priority -20

    ioprio rt 0



service update_verifier /system/bin/update_verifier ${vold.decrypt}

    user root

    group cache

    group cache system

    priority -20

    ioprio rt 0