tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Restore permission for shell to list /sys/class/block

Browse source 
As a side effect, commit ec50aa5180 ("Allow the init and apexd
processes to read all block device properties") removed permission for
the shell context to list the /sys/class/block directory.  There is a
CTS test that relies on this (CtsNativeEncryptionTestCases), so grant
permission to do this again.

Bug: 196521739
Bug: 194450129
Test: Before this change, 'adb shell ls /sys/class/block' fails.
      After this change, 'adb shell ls /sys/class/block' succeeds.
Change-Id: I87cb90880f927db1385887b35c84f4dd7f95021b
This commit is contained in:
Eric Biggers 2021-08-16 10:41:00 -07:00
parent 4dcefe8898
commit 8b2b951349
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
prebuilts/api/31.0/public/shell.te
View file

@ -158,6 +158,9 @@ allow shell sysfs:dir r_dir_perms;
allow shell sysfs_batteryinfo:dir r_dir_perms;
allow shell sysfs_batteryinfo:file r_file_perms;
# allow shell to list /sys/class/block/ to get storage type for CTS
allow shell sysfs_block:dir r_dir_perms;
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;

3
public/shell.te
View file

@ -158,6 +158,9 @@ allow shell sysfs:dir r_dir_perms;
allow shell sysfs_batteryinfo:dir r_dir_perms;
allow shell sysfs_batteryinfo:file r_file_perms;
# allow shell to list /sys/class/block/ to get storage type for CTS
allow shell sysfs_block:dir r_dir_perms;
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;