author | Nick Kralevich <nnk@google.com> | 2014-07-09 23:07:10 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-07-09 23:07:10 -0700 |
commit | 1d2ff869634649955fab0be3fb724d8b937c80bf (patch) | |
tree | 5e50c0283d594208a9def59ec9c50a73d09a5a22 | |
parent | b59dc27a1b580a13c50477d2af1cbdaf95601d8f (diff) | |
download | sepolicy-1d2ff869634649955fab0be3fb724d8b937c80bf.tar.gz |
allow ueventd sysfs_type lnk_file

ueventd is allowed to change files and directories in /sys,
but not symbolic links. This is, at a minimum, causing the
following denial:

type=1400 audit(0.0:5): avc: denied { getattr } for comm="ueventd" path="/sys/devices/tegradc.0/driver" dev=sysfs ino=3386 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_tegradc:s0 tclass=lnk_file

Allow ueventd to modify labeling / attributes of symlinks.

Change-Id: If641a218e07ef479d1283f3171b2743f3956386d
-rw-r--r-- | ueventd.te | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -10,7 +10,7 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da allow ueventd device:file create_file_perms; allow ueventd device:chr_file rw_file_perms; allow ueventd sysfs:file rw_file_perms; -allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr }; +allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr }; allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms }; allow ueventd sysfs_devices_system_cpu:file rw_file_perms; allow ueventd tmpfs:chr_file rw_file_perms; |
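Review bot: the changed `allow ueventd sysfs_type:{ file lnk_file }` rule gives lnk_file the full set `{ relabelfrom relabelto setattr getattr }`, while the only denial quoted in the commit message is `getattr` on a `lnk_file`. Because `sysfs_type` is an attribute, the grant covers symlinks of every sysfs type, not just `sysfs_devices_tegradc`. The commit message says relabeling symlinks is intended, so the wider permission set looks deliberate, but nothing in ueventd.te records that. Please add a short comment above the rule stating that ueventd relabels and sets attributes on symlinks under /sys. If only `getattr` is actually needed, use a separate `allow ueventd sysfs_type:lnk_file getattr;` rule instead of folding lnk_file into the existing one.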