Merge "Revert "Stop granting init access to block device properties""

2021-10-13 17:11:01 +00:00 · 2021-10-13 17:11:01 +00:00 · 41b61b7772
commit 41b61b7772
parent 47a5f31980 60b7d9a36e
1 changed files with 6 additions and 0 deletions
--- a/private/init.te
+++ b/private/init.te
@ -42,6 +42,12 @@ allow init sysfs_dm:file read;
 allow init sysfs_loop:dir r_dir_perms;
 allow init sysfs_loop:file rw_file_perms;

+# Allow init to examine the properties of block devices.
+allow init sysfs_block_type:file { getattr read };
+# Allow init access /dev/block
+allow init bdev_type:dir r_dir_perms;
+allow init bdev_type:blk_file getattr;
+
 # Allow init to write to the drop_caches file.
 allow init proc_drop_caches:file rw_file_perms;