tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

dumpstate: allow df on /storage/emulated

Browse source 
dumpstate runs "df" on all mounted filesystems. Allow dumpstate
to access /storage/emulated so df works.

Addresses the following denial:

  avc: denied { search } for pid=4505 comm="df" name="/" dev="tmpfs" ino=6207 scontext=u:r:dumpstate:s0 tcontext=u:object_r:storage_file:s0 tclass=dir

Change-Id: I99dac8321b19952e37c0dd9d61a680a27beb1ae8
This commit is contained in:
Nick Kralevich 2015-04-06 15:24:51 -07:00
parent 4cdea7fc40
commit c24d90cb59
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
dumpstate.te
View file

@ -63,6 +63,8 @@ allow dumpstate sysfs:file w_file_perms;
# Other random bits of data we want to collect # Other random bits of data we want to collect
allow dumpstate qtaguid_proc:file r_file_perms; allow dumpstate qtaguid_proc:file r_file_perms;
allow dumpstate debugfs:file r_file_perms; allow dumpstate debugfs:file r_file_perms;
# df for /storage/emulated needs search
allow dumpstate storage_file:dir search;
# Allow dumpstate to make binder calls to any binder service # Allow dumpstate to make binder calls to any binder service
binder_call(dumpstate, binderservicedomain) binder_call(dumpstate, binderservicedomain)