NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

non_plat: Allow vold to manage sysfs_mmcblk device

Browse Source 
During init, vold needs rw permissions in order to manage block devices.
This change allows the required permissions.

Denial observed without this change:
[    7.574441] .(1)[397:logd.auditd]type=1400 audit(1608975791.836:9): avc: denied { write } for comm="Binder:379_2" name="uevent" dev="sysfs" ino=35884 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_mmcblk:s0 tclass=file permissive=1

Test: Boot and observe that denial has disappeared

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I3fa256cf5957f0af3fa2628833820f0f9fcf298b
This commit is contained in:
Aayush Gupta 2020-12-27 15:19:51 +05:30
parent 1957ab0ba8
commit 590a77d53d
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
non_plat/vold.te
View File

@ -44,3 +44,5 @@ allow vold protect1_block_device:blk_file getattr;
allow vold protect2_block_device:blk_file getattr;
allow vold proc_swaps:file getattr;
allow vold swap_block_device:blk_file getattr;
allow vold sysfs_mmcblk:file rw_file_perms;