tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow shell to read/search /dev/input directory.

Browse source 
Resolves denials such as:
avc: denied { read } for pid=16758 comm="getevent" name="input" dev="tmpfs" ino=6018 scontext=u:r:shell:s0 tcontext=u:object_r:input_device:s0 tclass=dir

Change-Id: I709bd20a03a5271382b191393d55a34b0b8e4e0c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2014-06-11 12:09:15 -04:00
parent 62af83810b
commit a2e4e2656b
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
shell.te
View file

@ -29,6 +29,7 @@ allow shell rootfs:dir r_dir_perms;
allow shell devpts:chr_file rw_file_perms; allow shell devpts:chr_file rw_file_perms;
allow shell tty_device:chr_file rw_file_perms; allow shell tty_device:chr_file rw_file_perms;
allow shell console_device:chr_file rw_file_perms; allow shell console_device:chr_file rw_file_perms;
allow shell input_device:dir r_dir_perms;
allow shell input_device:chr_file rw_file_perms; allow shell input_device:chr_file rw_file_perms;
allow shell system_file:file x_file_perms; allow shell system_file:file x_file_perms;
allow shell shell_exec:file rx_file_perms; allow shell shell_exec:file rx_file_perms;