tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

allow toolbox block_device:dir search

Browse source 
needed to get to the swap device.

Addresses the following denial:

  avc:  denied  { search } for  pid=149 comm="mkswap" name="block" dev="tmpfs" ino=9947 scontext=u:r:toolbox:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0

Change-Id: I0c897540f1c7950738622a013121a050a1f32b2f
This commit is contained in:
Nick Kralevich 2014-12-19 17:21:52 -08:00
parent d94b78c908
commit 0bc6c80f51
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
toolbox.te
View file

@ -18,6 +18,7 @@ allow toolbox devpts:chr_file { read write getattr ioctl };
# Read/write block devices used for swap partitions. # Read/write block devices used for swap partitions.
# Assign swap_block_device type any such partition in your # Assign swap_block_device type any such partition in your
# device/<vendor>/<product>/sepolicy/file_contexts file. # device/<vendor>/<product>/sepolicy/file_contexts file.
allow toolbox block_device:dir search;
allow toolbox swap_block_device:blk_file rw_file_perms; allow toolbox swap_block_device:blk_file rw_file_perms;
# Only allow entry from init via the toolbox binary. # Only allow entry from init via the toolbox binary.