diff options
| author | Nick Kralevich <nnk@google.com> | 2014-04-15 14:53:05 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-04-15 15:12:45 -0700 |
| commit | 77cc05502f34090c4daaf06c92692bd3b85a861c (patch) | |
| tree | 6f3e298f6d5be44ec01b0292911fcb0091c0a15f /genfs_contexts | |
| parent | 53667e259fb2b8e52ea3302dd072113ae0cb2427 (diff) | |
| download | android_external_sepolicy-77cc05502f34090c4daaf06c92692bd3b85a861c.tar.gz android_external_sepolicy-77cc05502f34090c4daaf06c92692bd3b85a861c.tar.bz2 android_external_sepolicy-77cc05502f34090c4daaf06c92692bd3b85a861c.zip | |
Label /dev/usb-ffs/adb functionfs
Newer adbd versions use functionfs instead of a custom adb usb gadget.
Make sure the functionfs filesystem is properly labeled, and that adbd
has access to the functionfs files.
Once labeled, this addresses the following denials:
<12>[ 16.127191] type=1400 audit(949060866.189:4): avc: denied { read write } for pid=223 comm="adbd" name="ep0" dev="functionfs" ino=5489 scontext=u:r:adbd:s0 tcontext=u:object_r:functionfs:s0 tclass=file
<12>[ 16.127406] type=1400 audit(949060866.189:5): avc: denied { open } for pid=223 comm="adbd" path="/dev/usb-ffs/adb/ep0" dev="functionfs" ino=5489 scontext=u:r:adbd:s0 tcontext=u:object_r:functionfs:s0 tclass=file
<12>[ 377.366011] type=1400 audit(949061227.419:16): avc: denied { ioctl } for pid=225 comm="adbd" path="/dev/usb-ffs/adb/ep2" dev="functionfs" ino=5564 scontext=u:r:adbd:s0 tcontext=u:object_r:functionfs:s0 tclass=file
Change-Id: Iee8b522e48b4d677fd12f7c83dbc7ffbc9543ad2
Diffstat (limited to 'genfs_contexts')
| -rw-r--r-- | genfs_contexts | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/genfs_contexts b/genfs_contexts index 07208f9..ec636b6 100644 --- a/genfs_contexts +++ b/genfs_contexts @@ -29,3 +29,4 @@ genfscon vfat / u:object_r:sdcard_external:s0 genfscon debugfs / u:object_r:debugfs:s0 genfscon fuse / u:object_r:sdcard_internal:s0 genfscon pstore / u:object_r:pstorefs:s0 +genfscon functionfs / u:object_r:functionfs:s0 |