diff options
author | Nick Kralevich <nnk@google.com> | 2015-01-31 14:56:46 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-01-31 15:05:48 -0800 |
commit | 7f14924d0209e18fcbc46d3d3beec1241bb0c16c (patch) | |
tree | 29f38b33cfbb7a886a4ffb5e0698390570f298c6 | |
parent | 0e7ddd0a86f8006501afd74463914054abcef353 (diff) | |
download | mako-7f14924d0209e18fcbc46d3d3beec1241bb0c16c.tar.gz |
Allow init to rm /dev/diag
Commit 69e1ad839d8a89f55eb226a639c760ac09e7135a
(AOSP cherrypick 3ac5654c0a144eda4925c70e5c2f275e95c31e7c) ensures
that /dev/diag is always removed on boot. Allow for it in
SELinux policy.
Addresses the following denial:
audit(1422745424.741:5): avc: denied { unlink } for pid=1 comm="init" name="diag" dev="tmpfs" ino=8302 scontext=u:r:init:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file
Change-Id: If20ae7eb64356c06e94873dec89fc1ca576fe74a
-rw-r--r-- | BoardConfig.mk | 1 | ||||
-rw-r--r-- | sepolicy/init.te | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index c8aebdc..e8fa66f 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -112,6 +112,7 @@ BOARD_SEPOLICY_UNION += \ file.te \ file_contexts \ hostapd.te \ + init.te \ kickstart.te \ mediaserver.te \ mpdecision.te \ diff --git a/sepolicy/init.te b/sepolicy/init.te new file mode 100644 index 0000000..14f1b92 --- /dev/null +++ b/sepolicy/init.te @@ -0,0 +1 @@ +allow init diag_device:chr_file unlink; |