From d94b78c908eafb9c57b17d8ad31842df5a0139a9 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Fri, 19 Dec 2014 16:19:05 -0800
Subject: [PATCH] toolbox: android_fork_execvp_ext() requires getattr ioctl
Addresses the following denials:
avc: denied { getattr } for pid=148 comm="mkswap" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:toolbox:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for pid=148 comm="mkswap" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:toolbox:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1
Change-Id: I88c88493cd5f523b5b26a8028b421b3565aa5751
---
 toolbox.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/toolbox.te b/toolbox.te
index 5d7f824d8..105675628 100644
--- a/toolbox.te
+++ b/toolbox.te
@@ -12,7 +12,7 @@ init_daemon_domain(toolbox)
 allow toolbox tmpfs:chr_file { read write ioctl };
 # Inherit and use pty created by android_fork_execvp_ext().
-allow toolbox devpts:chr_file { read write };
+allow toolbox devpts:chr_file { read write getattr ioctl };
 # mkswap-specific.
 # Read/write block devices used for swap partitions.
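Review bot: The comment above the changed `allow toolbox devpts:chr_file { read write getattr ioctl };` rule still says only "Inherit and use pty", so the policy file itself does not record why `getattr` and `ioctl` were added. I would extend it with a line such as `# mkswap also does getattr and ioctl on the inherited pty (see avc denials in the commit message).` so a later audit can tie each permission to an observed need. Note also that `ioctl` here is granted as a whole permission on every `devpts`-labelled character device, which is broader than the single operation in the logged denial. The denials carry no ioctl command number, so the exact call cannot be identified from this page; if the policy version in use supports extended permissions, narrowing the grant with an `allowxperm` rule once the command is known would keep it closer to least privilege.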