vold: allow execute cp and rm
Used in system/vold/MoveTask.cpp Addresses: avc: denied { execute } for name="toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1 avc: denied { read open } for path="/system/bin/toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1 avc: denied { execute_no_trans } for path="/system/bin/toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1 Change-Id: I2eb6288aaed510ae5be0f3605088ace6b865ef83
parent
540ea534e0
commit
d1f8f731ea
3
vold.te
3
vold.te
@ -168,6 +168,9 @@ allow vold fuse_device:chr_file rw_file_perms;
|
||||
allow vold sysfs_zram:dir r_dir_perms;
|
||||
allow vold sysfs_zram_uevent:file rw_file_perms;
|
||||
|
||||
# MoveTask.cpp executes cp and rm
|
||||
allow vold toolbox_exec:file rx_file_perms;
|
||||
|
||||
neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
|
||||
neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
|
||||
neverallow { domain -vold -init } vold_data_file:dir *;
|
||||
|
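Review bot: The comment above the new `allow vold toolbox_exec:file rx_file_perms;` rule understates what the rule grants. `toolbox_exec` labels the whole multi-call toolbox binary and `rx_file_perms` includes `execute_no_trans`, so every applet, not only cp and rm, runs inside the vold domain with vold's full policy. I would say so next to the rule, e.g. `# MoveTask.cpp execs toolbox cp/rm; no domain transition, so they run as vold and this covers every toolbox applet.` If a dedicated domain entered through `domain_auto_trans` was considered and rejected, that trade-off is worth recording there too. The denials quoted in the description were all logged with permissive=1, so the move path should be re-checked in enforcing mode before relying on this rule alone.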