support kernel writes to external SDcards
The kernel, when it creates a loop block device, starts a new
kernel thread "loop0" (drivers/block/loop.c). This kernel thread,
which performs writes on behalf of other processes, needs read/write
privileges to the sdcard. Allow it.
Steps to reproduce:
0) Get device with external, removable sdcard
1) Run: "adb install -s foo.apk"
Expected:
APK installs successfully.
Actual:
APK fails to install. Error message:
Vold E Failed to write superblock (I/O error)
loop0 W type=1400 audit(0.0:3123): avc: denied { read } for path="/mnt/secure/asec/smdl1645334795.tmp.asec" dev="mmcblk1p1" ino=528 scontext=u:r:kernel:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
PackageHelper E Failed to create secure container smdl1645334795.tmp
DefContainer E Failed to create container smdl1645334795.tmp
Bug: 17158723
(cherry picked from commit 4c6b13508d
)
Change-Id: Iea727ac7958fc31d85a037ac79badbe9c85693bd
This commit is contained in:
parent
711895db28
commit
28b26bcf42
@ -34,8 +34,9 @@ dontaudit kernel self:security setenforce;
|
||||
# Set checkreqprot by init.rc prior to switching to init domain.
|
||||
allow kernel self:security setcheckreqprot;
|
||||
|
||||
# MTP sync
|
||||
allow kernel fuse:file { read write };
|
||||
# MTP sync (b/15835289)
|
||||
# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
|
||||
allow kernel sdcard_type:file { read write };
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
|
Loading…
Reference in New Issue
Block a user