selinux-policy/adbd: resolve SELinux denials for adb file operations and shell interactions#1034
Closed
abhilash-manna wants to merge 1 commit into
Closed
selinux-policy/adbd: resolve SELinux denials for adb file operations and shell interactions#1034abhilash-manna wants to merge 1 commit into
abhilash-manna wants to merge 1 commit into
Conversation
- Fix adb pull/push operations. - Fix interactive shell execution. Signed-off-by: Abhilasha Manna <amanna@qti.qualcomm.com>
Contributor
|
LGTM, applied with 801addc to master. |
GargiQcom
pushed a commit
to GargiQcom/meta-openembedded
that referenced
this pull request
Mar 30, 2026
Upgrade to release 1.9.0: - 1.9.0 - Remove Python 3.8 support (EOL), add Python 3.13 (5f25030) - Remove localhost and 127.0.0.1 from default NO_PROXY list (openembedded#994) - Support IPv6 CIDRs in the no_proxy option (openembedded#1033) - Fix thread safety condition in `teardown()` to improve `run_forever()` (openembedded#1015) - Fix openembedded#1024 by chunking data, recursion in on_error callback, thread leak in `_stop_ping_thread()`, avoid implicit None in `recv()` (openembedded#1036) - Avoid bare except clauses for better error handling (openembedded#1036) - Fix async (openembedded#983) - Resolve mypy type errors (openembedded#996, openembedded#1006, 813d570) - Test coverage improvements (openembedded#1035, openembedded#1036) - flake8 linting improvements (openembedded#1034) - 1.8.0 - Added `on_reconnect` parameter to WebSocketApp to handle callback ambiguity (openembedded#972) - Improve handling of SSLEOFError and use reconnect bool (openembedded#961) - Minor linting and docs CI build upgrades (981c00e, 75ba91a, bec2608) License-Update: copyright years refreshed Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem :
This change addresses several SELinux denials encountered when using adb for file transfers (push/pull) and interactive shell sessions.
avc: denied { read open getattr } for pid=1089 comm=73796E6320737663203138 path="/denials.txt"
scontext=system_u:system_r:adbd_t:s0
tcontext=system_u:object_r:etc_runtime_t:s0
tclass=file
avc: denied { write } for pid=1089 comm=73796E6320737663203138 name="denials.txt"
scontext=system_u:system_r:adbd_t:s0
tcontext=system_u:object_r:etc_runtime_t:s0
tclass=file
avc: denied { use } for pid=3062 comm="semodule" path="/dev/pts/0" dev="devpts"
scontext=system_u:system_r:semanage_t:s0
tcontext=system_u:system_r:adbd_t:s0
tclass=fd
Fix :
Fix adb pull/push operations: The
adbddaemon (running asadbd_t) requires read, write, open, and getattr permissions to handle files labeled asetc_runtime_t.Fix interactive shell execution (adb shell): When executing commands like
semoduleviaadb shell, thesemanage_tdomain attempts to use the pseudo-terminal (PTY) file descriptors (/dev/pts/0) created byadbd_t.