kernel: allow usbfs:dir search

The deprecated/deleted usbfs kernel driver gets really unhappy when
SELinux denies it access to directories. On flo (3.4.0 kernel), this
comes across as an SELinux denial followed by a kernel panic.

Steps to reproduce:

  1. plug in a USB device.
  2. notice nothing happens.
  3. unplug the USB device
  4. plug it in again, watch for restart.

Expected:
  USB device works

Actual:
  [329180.030242] Host mode: Set DC level as 0x68 for flo.
  [329180.030395] msm_hsusb_host msm_hsusb_host: Qualcomm On-Chip EHCI Host Controller
  [329180.030639] Unable to create devices usbfs file
  [329180.030944] type=1400 audit(1425327845.292:12): avc: denied { search } for pid=24033 comm="kworker/0:1" name="/" dev="usbfs" ino=291099 scontext=u:r:kernel:s0 tcontext=u:object_r:usbfs:s0 tclass=dir
  [329180.060394] msm_hsusb_host msm_hsusb_host: new USB bus registered, assigned bus number 1
  [329180.091583] msm_hsusb_host msm_hsusb_host: irq 132, io mem 0x12500000
  [deleted]
  [329180.120178] hub 1-0:1.0: USB hub found
  [329180.120452] hub 1-0:1.0: 1 port detected
  [329180.123199] Unable to handle kernel NULL pointer dereference at virtual address 00000070
  [329180.123443] pgd = c0004000
  [329180.123809] [00000070] *pgd=00000000
  [329180.124206] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
  [329180.124481] CPU: 0    Tainted: G        W     (3.4.0-g2e8a935 #1)
  [329180.124908] PC is at mutex_lock+0xc/0x48
  [329180.125122] LR is at fs_create_file+0x4c/0x128
  [329180.125518] pc : [<c0916708>]    lr : [<c0440ec4>]    psr: a0000013
  [deleted]
  [329180.281005] [<c0916708>] (mutex_lock+0xc/0x48) from [<c0440ec4>] (fs_create_file+0x4c/0x128)
  [329180.281280] [<c0440ec4>] (fs_create_file+0x4c/0x128) from [<c04410c8>] (usbfs_notify+0x84/0x2a8)
  [329180.281738] [<c04410c8>] (usbfs_notify+0x84/0x2a8) from [<c009c3b8>] (notifier_call_chain+0x38/0x68)
  [329180.282257] [<c009c3b8>] (notifier_call_chain+0x38/0x68) from [<c009c600>] (__blocking_notifier_call_chain+0x44/0x58)
  [329180.282745] [<c009c600>] (__blocking_notifier_call_chain+0x44/0x58) from [<c009c628>] (blocking_notifier_call_chain+0x14/0x18)
  [329180.283264] [<c009c628>] (blocking_notifier_call_chain+0x14/0x18) from [<c043ef8c>] (generic_probe+0x74/0x84)
  [329180.283752] [<c043ef8c>] (generic_probe+0x74/0x84) from [<c04387c4>] (usb_probe_device+0x58/0x68)
  [329180.284240] [<c04387c4>] (usb_probe_device+0x58/0x68) from [<c03adc78>] (driver_probe_device+0x148/0x360)
  [329180.284576] [<c03adc78>] (driver_probe_device+0x148/0x360) from [<c03ac76c>] (bus_for_each_drv+0x4c/0x84)
  [329180.285034] [<c03ac76c>] (bus_for_each_drv+0x4c/0x84) from [<c03adfc8>] (device_attach+0x74/0xa0)
  [329180.285522] [<c03adfc8>] (device_attach+0x74/0xa0) from [<c03ac94c>] (bus_probe_device+0x28/0x98)
  [329180.286041] [<c03ac94c>] (bus_probe_device+0x28/0x98) from [<c03ab014>] (device_add+0x444/0x5e4)
  [329180.286529] [<c03ab014>] (device_add+0x444/0x5e4) from [<c042f180>] (usb_new_device+0x248/0x2e4)
  [329180.286804] [<c042f180>] (usb_new_device+0x248/0x2e4) from [<c043472c>] (usb_add_hcd+0x420/0x64c)
  [329180.287292] [<c043472c>] (usb_add_hcd+0x420/0x64c) from [<c044600c>] (msm_otg_sm_work+0xe74/0x1774)
  [329180.287811] [<c044600c>] (msm_otg_sm_work+0xe74/0x1774) from [<c0091d8c>] (process_one_work+0x280/0x488)
  [329180.288299] [<c0091d8c>] (process_one_work+0x280/0x488) from [<c00921a8>] (worker_thread+0x214/0x3b4)
  [329180.288787] [<c00921a8>] (worker_thread+0x214/0x3b4) from [<c0096b14>] (kthread+0x84/0x90)
  [329180.289276] [<c0096b14>] (kthread+0x84/0x90) from [<c000f3c8>] (kernel_thread_exit+0x0/0x8)

Allow the usbfs operation.

Bug: 19568950
Change-Id: Iffdc7bd93ebde8bb75c57a324b996e1775a0fd1e
Nick Kralevich 2015-03-28 02:48:46 -07:00
parent 38af1da107
commit 883fcfcfcf

@ -18,6 +18,7 @@ allow kernel unlabeled:dir search;
# Mount usbfs.
allow kernel usbfs:filesystem mount;
allow kernel usbfs:dir search;
# init direct restorecon calls prior to switching to init domain
# /dev and /dev/socket
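
Review bot: the new `allow kernel usbfs:dir search;` rule sits under the existing "# Mount usbfs." comment, but the denial quoted in the commit message comes from a kworker on USB hotplug (the trace runs through usbfs_notify and fs_create_file), not from the mount itself. Give the rule its own comment saying it covers usbfs file creation when a device is attached, and reference the bug number, so the rule can be found and dropped once kernels carrying usbfs are no longer supported. The commit message also shows that the denial ends in a NULL pointer dereference in mutex_lock; this rule avoids triggering that path but leaves the unchecked failure in the 3.4.0 usbfs code in place, which is worth recording in the comment or in the bug. Granting only `search` on `dir` keeps the allowance narrow; please confirm on flo that no further usbfs denials appear after replugging a device.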