tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

domain: allow dir search in selinuxfs

Browse source 
Domain is already allowed to stat selinuxfs, it also needs
dir search.

Addresses:
avc: denied { search } for name="/" dev="selinuxfs" ino=1 scontext=u:r:watchdogd:s0 tcontext=u:object_r:selinuxfs:s0 tclass=dir

Change-Id: I3e5bb96e905db480a2727038f80315d9544e9c07
This commit is contained in:
Jeff Vander Stoep 2016-01-25 10:15:01 -08:00 committed by Jeffrey Vander Stoep
parent c1b0ffcfdc
commit 45517a7547
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
domain.te
View file

@ -117,6 +117,7 @@ allow domain proc:lnk_file read;
allow domain proc_cpuinfo:file r_file_perms;
# toybox loads libselinux which stats /sys/fs/selinux/
allow domain selinuxfs:dir search;
allow domain selinuxfs:file getattr;
allow domain sysfs:dir search;
allow domain selinuxfs:filesystem getattr;