domain: Allow stat on symlinks in vendor
Addresses:
denied { getattr } for pid=155 comm="keystore" path="/vendor"
dev="mmcblk0p6" ino=1527 scontext=u:r:keystore:s0
tcontext=u:object_r:system_file:s0 tclass=lnk_file
On devices without an actual vendor image, /vendor is a symlink to
/system/vendor. When loading a library from this symlinked vendor,
the linker uses resolve_paths() resulting in an lstat(). This
generates an selinux denial. Allow this lstat() so that paths can
be resolved on devices without a real vendor image.
Bug: 35946056
Test: sailfish builds
Change-Id: Ifae11bc7039047e2ac2b7eb4fbcce8ac4580799f
This commit is contained in:
Jeff Vander Stoep
parent
34ab219f3f
commit
05d83dd407
1 changed files with 1 additions and 1 deletions
|
|
@ -92,7 +92,7 @@ write_logd(domain)
|
|||
# System file accesses.
|
||||
allow domain system_file:dir { search getattr };
|
||||
allow domain system_file:file { execute read open getattr };
|
||||
allow domain system_file:lnk_file read;
|
||||
allow domain system_file:lnk_file { getattr read };
|
||||
|
||||
# read any sysfs symlinks
|
||||
allow domain sysfs:lnk_file read;
|
||||
|
|
|
|||
Loading…
Reference in a new issue