tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sdcardd: grant unmount

Browse source 
If the sdcard daemon is restarted (crash or otherwise), one of the first
things it attempts to do is umount the previously mounted /mnt/shell/emulated
fuse filesystem, which is denied by SELinux with the following denial:

  sdcard  : type=1400 audit(0.0:6997): avc: denied { unmount } for scontext=u:r:sdcardd:s0 tcontext=u:object_r:fuse:s0 tclass=filesystem permissive=0

Allow the operation.

Steps to reproduce:

  1) adb shell into the device and su to root
  2) run "kill -9 [PID OF SDCARD]

Expected:

  sdcard daemon successfully restarts without error message.

Actual:

  SELinux denial above, plus attempts to mount a new filesystem
  on top of the existing filesystem.

(cherrypicked from commit abfd427a32)

Bug: 17383009
Change-Id: I386bfc98e2b5b32b1d11408f7cfbd6e3c1af68f4
This commit is contained in:
Nick Kralevich 2014-09-04 11:04:23 -07:00
parent 018e9402c6
commit 5fc825c917
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sdcardd.te
View file

@ -6,7 +6,7 @@ init_daemon_domain(sdcardd)
allow sdcardd cgroup:dir create_dir_perms;
allow sdcardd fuse_device:chr_file rw_file_perms;
allow sdcardd rootfs:dir mounton;
allow sdcardd sdcard_type:filesystem mount;
allow sdcardd sdcard_type:filesystem { mount unmount };
allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource };
allow sdcardd sdcard_type:dir create_dir_perms;