uncrypt: allow /dev/block directory access.

Uncrypt needs search in /dev/block to open block devices. Allow it. Addresses the following denial: [11105.601711] type=1400 audit(1393550350.528:30): avc: denied { search } for pid=14597 comm="uncrypt" name="block" dev="tmpfs" ino=7200 scontext=u:r:uncrypt:s0 tcontext=u:object_r:block_device:s0 tclass=dir Change-Id: I4592784135a04ff5bff2715e1250661744f12aa1
author: Nick Kralevich <nnk@google.com> 2014-02-27 17:24:43 -0800
committer: Nick Kralevich <nnk@google.com> 2014-02-27 17:26:26 -0800
commit: 0a5f561c673a6a781bc2f11ac60d6613c648770c (patch)
tree: ba65bf8d45f4b10d4cc71c5064188193f6bfbf5c /uncrypt.te
parent: 0296b9434f3b933b37f67c143788f87cb80b3325 (diff)
download: android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.tar.gz
android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.tar.bz2
android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/uncrypt.te b/uncrypt.te
index f62fbbf..265a8b1 100644
--- a/uncrypt.te
+++ b/uncrypt.te
@@ -27,3 +27,4 @@ allow uncrypt powerctl_prop:property_service set;
 # Raw writes to block device
 allow uncrypt self:capability sys_rawio;
 allow uncrypt block_device:blk_file w_file_perms;
+allow uncrypt block_device:dir r_dir_perms;
author	Nick Kralevich <nnk@google.com>	2014-02-27 17:24:43 -0800
committer	Nick Kralevich <nnk@google.com>	2014-02-27 17:26:26 -0800
commit	0a5f561c673a6a781bc2f11ac60d6613c648770c (patch)
tree	ba65bf8d45f4b10d4cc71c5064188193f6bfbf5c /uncrypt.te
parent	0296b9434f3b933b37f67c143788f87cb80b3325 (diff)
download	android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.tar.gz android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.tar.bz2 android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.zip