Allow kernel to write to update_engine_data_file

This is needed to run update_engine unittests in cuttlefish. In the test,
the directory is mounted as R/W.

Denial:
avc: denied { write } for path="/data/misc/update_engine/tmp/a_img.NqUpaa" dev="dm-4" ino=3048 scontext=u:r:kernel:s0 tcontext=u:object_r:update_engine_data_file:s0 tclass=file permissive=0

strace:
mount("/dev/block/loop26", "/data/local/tmp/.org.chromium.Chromium.3s2KYE", "ext2", 0, "") = -1 EIO (I/O error)

Test: unittests pass
Change-Id: I4658eb60240bd725bac2aef30305747ffe50aeb6
Tianjie Xu 2020-02-18 23:38:09 -08:00
parent 7848af185a
commit 9f7947348f

@ -65,10 +65,10 @@ allow kernel vold:fd use;
allow kernel { app_data_file privapp_data_file }:file read;
allow kernel asec_image_file:file read;
# Allow reading loop device in update_engine_unittests. (b/28319454)
# Allow mounting loop device in update_engine_unittests. (b/28319454)
# and for LTP kernel tests (b/73220071)
userdebug_or_eng(`
allow kernel update_engine_data_file:file read;
allow kernel update_engine_data_file:file { read write };
allow kernel nativetest_data_file:file { read write };
')
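
Review bot: The updated comment above the userdebug_or_eng block ("Allow mounting loop device in update_engine_unittests") does not say why write is now needed alongside read on update_engine_data_file. Consider stating there that the tests mount the loop-backed image read/write, as the commit message does, so the reason for `{ read write }` sits next to the rule. The rule also applies to every file labelled update_engine_data_file, not only the test image under tmp/ shown in the denial, so it is worth confirming that scope is intended given that it stays inside userdebug_or_eng.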