Allow fsck to search /dev/block.

Addresses denials such as: avc: denied { search } for pid=143 comm="e2fsck" name="block" dev="tmpfs" ino=5987 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=dir Change-Id: Ieb72fc5e28146530c2f3b235ce74f2f397e49c56 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2015-02-10 16:13:45 -0500
committer: Stephen Smalley <sds@tycho.nsa.gov> 2015-02-10 16:13:45 -0500
commit: 509186dea59e5ff115b72c282aff1b8c0c47c4f6 (patch)
tree: 7b5535c12e8354674daabf89e806ce1d8127b649 /fsck.te
parent: f6cc34e098a9c4b1a149417adf42a85445dba330 (diff)
download: android_external_sepolicy-509186dea59e5ff115b72c282aff1b8c0c47c4f6.tar.gz
android_external_sepolicy-509186dea59e5ff115b72c282aff1b8c0c47c4f6.tar.bz2
android_external_sepolicy-509186dea59e5ff115b72c282aff1b8c0c47c4f6.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/fsck.te b/fsck.te
index ab313eb..22ff7b1 100644
--- a/fsck.te
+++ b/fsck.te
@@ -12,6 +12,7 @@ allow fsck tmpfs:chr_file { read write ioctl };
 allow fsck devpts:chr_file { read write ioctl getattr };
 
 # Run e2fsck on block devices.
+allow fsck block_device:dir search;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;
author	Stephen Smalley <sds@tycho.nsa.gov>	2015-02-10 16:13:45 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	2015-02-10 16:13:45 -0500
commit	509186dea59e5ff115b72c282aff1b8c0c47c4f6 (patch)
tree	7b5535c12e8354674daabf89e806ce1d8127b649 /fsck.te
parent	f6cc34e098a9c4b1a149417adf42a85445dba330 (diff)
download	android_external_sepolicy-509186dea59e5ff115b72c282aff1b8c0c47c4f6.tar.gz android_external_sepolicy-509186dea59e5ff115b72c282aff1b8c0c47c4f6.tar.bz2 android_external_sepolicy-509186dea59e5ff115b72c282aff1b8c0c47c4f6.zip