Allow reading dt fstab in boot control HAL.

Fixes the following denial:
  type=1400 audit(0.0:4): avc: denied { read } for comm="android.hardwar" name="compatible" dev="sysfs" ino=28205 scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=file permissive=0

This permission is needed for ReadDefaultFstab, which searches the device tree for fstab entries. Devices that use dt-fstab may fail to find the misc block device.

Bug: 143589455
Test: manual test
Change-Id: Ied52fe9b1056d26b4dd00811c4690fa4c505fae8
David Anderson 2019-11-05 14:21:22 -08:00
parent 5f11b2e0ed
commit 9853c7522d

@ -8,6 +8,7 @@ init_daemon_domain(hal_bootctl_default)
# Needed for ReadDefaultFstab.
allow hal_bootctl_default proc_cmdline:file r_file_perms;
allow hal_bootctl_default sysfs_dt_firmware_android:dir search;
allow hal_bootctl_default sysfs_dt_firmware_android:file r_file_perms;
# ReadDefaultFstab looks for /metadata/gsi/booted. We don't care about getting
# a GSI-corrected fstab.
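Review bot: On the `sysfs_dt_firmware_android` rules, the `dir` rule grants only `search` while the `file` rule (the one matching the quoted denial) grants the full `r_file_perms`; if ReadDefaultFstab lists the device-tree fstab directory rather than opening known paths, the next denial will be on the directory class for `read` and `open`. The quoted denial covers a single file (`name="compatible"`), and "Test: manual test" does not say whether the log was clean afterwards. Please confirm that a dt-fstab device booted with permissive=0 shows no further `avc: denied` lines for `hal_bootctl_default`, or widen the directory rule to `r_dir_perms` if it does.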