Allow reading dt fstab in boot control HAL.
Fixes the following denial: type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="compatible" dev="sysfs" ino=28205 scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=file permissive=0 This permission is needed for ReadDefaultFstab, which searches the device tree for fstab entries. Devices that use dt-fstab may fail to find the misc block device. Bug: 143589455 Test: manual test Change-Id: Ied52fe9b1056d26b4dd00811c4690fa4c505fae8
parent
5f11b2e0ed
commit
9853c7522d
1
vendor/hal_bootctl_default.te
vendored
1
vendor/hal_bootctl_default.te
vendored
@ -8,6 +8,7 @@ init_daemon_domain(hal_bootctl_default)
|
||||
# Needed for ReadDefaultFstab.
|
||||
allow hal_bootctl_default proc_cmdline:file r_file_perms;
|
||||
allow hal_bootctl_default sysfs_dt_firmware_android:dir search;
|
||||
allow hal_bootctl_default sysfs_dt_firmware_android:file r_file_perms;
|
||||
|
||||
# ReadDefaultFstab looks for /metadata/gsi/booted. We don't care about getting
|
||||
# a GSI-corrected fstab.
|
||||
|
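Review bot: The `sysfs_dt_firmware_android:dir search` rule just above the file rule this commit appears to add grants only `search`, so listing the device-tree fstab directory may still be denied. The quoted denial was logged with permissive=0, where the first refused access ends the code path and any later accesses are never attempted or logged. Whether ReadDefaultFstab enumerates that directory is not visible here, so this is an assumption; if it does, it would need `open` and `read` on the directory. Please re-run on a dt-fstab device in enforcing mode and confirm the audit log is clean. Only if a directory denial appears, widen to `allow hal_bootctl_default sysfs_dt_firmware_android:dir r_dir_perms;`. The rules that follow the GSI comment lie outside the hunk.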