From 0bc6c80f51b4a8a17756dfe0acd221e046cfecd8 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Fri, 19 Dec 2014 17:21:52 -0800 Subject: [PATCH] allow toolbox block_device:dir search needed to get to the swap device. Addresses the following denial: avc: denied { search } for pid=149 comm="mkswap" name="block" dev="tmpfs" ino=9947 scontext=u:r:toolbox:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0 Change-Id: I0c897540f1c7950738622a013121a050a1f32b2f --- toolbox.te | 1 + 1 file changed, 1 insertion(+) diff --git a/toolbox.te b/toolbox.te index 105675628..68566060b 100644 --- a/toolbox.te +++ b/toolbox.te @@ -18,6 +18,7 @@ allow toolbox devpts:chr_file { read write getattr ioctl }; # Read/write block devices used for swap partitions. # Assign swap_block_device type any such partition in your # device///sepolicy/file_contexts file. +allow toolbox block_device:dir search; allow toolbox swap_block_device:blk_file rw_file_perms; # Only allow entry from init via the toolbox binary.
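Review bot: The added `allow toolbox block_device:dir search;` sits between the swap-partition comment block and the `swap_block_device:blk_file` rule that comment documents, so the comment now reads as if it described the directory rule. I would move the new rule above the comment block or give it its own comment, e.g. `# Directory traversal only, to reach the swap node; grants no access to block_device:blk_file.` The grant is limited to `search` on `tclass=dir`, which matches the quoted mkswap denial, and saying so in the comment would help keep it from being widened to read or list permissions later. Only part of toolbox.te is visible in this hunk, so the placement relative to other rules is judged from these lines alone.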