Allow fsck to search /dev/block.

Addresses denials such as: avc: denied { search } for pid=143 comm="e2fsck" name="block" dev="tmpfs" ino=5987 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=dir Change-Id: Ieb72fc5e28146530c2f3b235ce74f2f397e49c56 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-10 16:13:45 -05:00 · 2015-02-10 16:13:45 -05:00 · 509186dea5
commit 509186dea5
parent f6cc34e098
1 changed files with 1 additions and 0 deletions
--- a/fsck.te
+++ b/fsck.te
@ -12,6 +12,7 @@ allow fsck tmpfs:chr_file { read write ioctl };
 allow fsck devpts:chr_file { read write ioctl getattr };

 # Run e2fsck on block devices.
+allow fsck block_device:dir search;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;