diff options
author | Nick Kralevich <nnk@google.com> | 2014-02-27 17:24:43 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-02-27 17:26:26 -0800 |
commit | 0a5f561c673a6a781bc2f11ac60d6613c648770c (patch) | |
tree | ba65bf8d45f4b10d4cc71c5064188193f6bfbf5c /uncrypt.te | |
parent | 0296b9434f3b933b37f67c143788f87cb80b3325 (diff) | |
download | android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.tar.gz android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.tar.bz2 android_external_sepolicy-0a5f561c673a6a781bc2f11ac60d6613c648770c.zip |
uncrypt: allow /dev/block directory access.
Uncrypt needs search in /dev/block to open block devices.
Allow it.
Addresses the following denial:
[11105.601711] type=1400 audit(1393550350.528:30): avc: denied { search } for pid=14597 comm="uncrypt" name="block" dev="tmpfs" ino=7200 scontext=u:r:uncrypt:s0 tcontext=u:object_r:block_device:s0 tclass=dir
Change-Id: I4592784135a04ff5bff2715e1250661744f12aa1
Diffstat (limited to 'uncrypt.te')
-rw-r--r-- | uncrypt.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -27,3 +27,4 @@ allow uncrypt powerctl_prop:property_service set; # Raw writes to block device allow uncrypt self:capability sys_rawio; allow uncrypt block_device:blk_file w_file_perms; +allow uncrypt block_device:dir r_dir_perms; |