From da94ce004cfe19dd6d6623494937457240a34e4a Mon Sep 17 00:00:00 2001 From: Sasi Kumar Maddineni Date: Mon, 25 May 2026 11:11:01 +0530 Subject: [PATCH] dmesg: allow dmesg_t access to init script stream sockets dmesg was generating AVC denials when interacting with an init-script-owned UNIX stream socket for operations such as read, write, ioctl, and getattr on performing `adb shell dmesg`. Denials: type=AVC msg=audit(1773565011.851:411): avc: denied { ioctl } for pid=4782 comm="dmesg" path="socket:[764973]" dev="sockfs" ino=764973 ioctlcmd=0x542a scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(1773565011.851:412): avc: denied { getattr } for pid=4782 comm="dmesg" path="socket:[764973]" dev="sockfs" ino=764973 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(1773565011.851:410): avc: denied { read write } for pid=4782 comm="dmesg" path="socket:[764973]" dev="sockfs" ino=764973 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket permissive=1 type=AVC msg=audit(1773565011.851:411): avc: denied { ioctl } for pid=4782 comm="dmesg" path="socket:[764973]" dev="sockfs" ino=764973 ioctlcmd=0x542a scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket permissive=1 Grant the expected socket access for dmesg_t resolving the AVC denials. Signed-off-by: Sasi Kumar Maddineni --- policy/modules/admin/dmesg.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te index f1da315a98..2b98b0e7f6 100644 --- a/policy/modules/admin/dmesg.te +++ b/policy/modules/admin/dmesg.te 
@@ -43,6 +43,7 @@ files_read_usr_files(dmesg_t) init_use_fds(dmesg_t) init_use_script_ptys(dmesg_t) +init_rw_script_stream_sockets(dmesg_t) logging_send_syslog_msg(dmesg_t) logging_write_generic_logs(dmesg_t)
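Review bot: The added `init_rw_script_stream_sockets(dmesg_t)` line is unconditional, and its name implies read/write on any initrc_t stream socket, while the commit message documents a single trigger (`adb shell dmesg`) and does not explain why the socket handed to dmesg is labelled initrc_t. Every quoted denial carries permissive=1, so the log shows what dmesg attempted, not what it needs in order to work in enforcing mode. Please say in the commit message which service owns the socket and whether it is expected to remain in initrc_t. If the socket is an inherited descriptor from a daemon that lacks its own domain, confining that daemon (or a dontaudit, if dmesg works without the access) would be narrower than widening dmesg_t. A short comment above the new rule naming the adb case would also help, since the neighbouring `init_use_fds(dmesg_t)` and `init_use_script_ptys(dmesg_t)` lines give no hint why stream sockets are needed.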