ueventd: Add policy support for ueventd labeling changes

Currently, ueventd only modifies the SELinux label on a file if the entry exists in /ueventd.rc. Add policy support to enable an independent restorecon_recursive whenever a uevent message occurs. Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac
2014-07-03 16:10:01 -07:00 · 2014-07-03 16:10:01 -07:00 · b8bdfde3d0
commit b8bdfde3d0
parent 5b2ed83357
1 changed files with 2 additions and 1 deletions
--- a/ueventd.te
+++ b/ueventd.te
@ -10,7 +10,8 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-allow ueventd sysfs_type:file { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
 allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;