tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

recovery: Allow BLKPBSZGET on cache_block_device

Browse source 
The comment in this file acknowledges that this is needed for "Wipe
data/cache", however it does not actually grant the permission for
cache_block_device. Add it. Fixes a denial seen on cuttlefish:

avc:  denied  { ioctl } for  pid=223 comm="mke2fs"
  path="/dev/block/vda3" dev="tmpfs" ino=486 ioctlcmd=0x127b
  scontext=u:r:recovery:s0 tcontext=u:object_r:cache_block_device:s0
  tclass=blk_file permissive=0

Bug: 146898312
Change-Id: I82b9975085c027941c970ca44dbb1a7a370295fa
This commit is contained in:
Alistair Delva 2019-12-26 14:48:21 -08:00
parent 1d241db7e5
commit 07e6aa994a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/recovery.te
View file

@ -85,7 +85,7 @@ recovery_only(`
allow recovery device:dir r_dir_perms;
allow recovery block_device:dir r_dir_perms;
allow recovery dev_type:blk_file rw_file_perms;
allowxperm recovery { userdata_block_device metadata_block_device }:blk_file ioctl BLKPBSZGET;
allowxperm recovery { userdata_block_device metadata_block_device cache_block_device }:blk_file ioctl BLKPBSZGET;
# GUI
allow recovery graphics_device:chr_file rw_file_perms;