Label /firmware as firmware_file.
This corrects an incorrect labeling of this filesystem (was
previously sdcard_external) and fixes a ueventd denial.

Addresses the following denials:

<5>[    4.739128] type=1400 audit(804445.290:5): avc:  denied  { read } for  pid=205 comm="ueventd" name="mba.mdt" dev="mmcblk0p1" ino=3 scontext=u:r:ueventd:s0 tcontext=u:object_r:sdcard_external:s0 tclass=file
<5>[    4.739285] type=1400 audit(804445.290:6): avc:  denied  { open } for  pid=205 comm="ueventd" name="mba.mdt" dev="mmcblk0p1" ino=3 scontext=u:r:ueventd:s0 tcontext=u:object_r:sdcard_external:s0 tclass=file
<5>[    4.739474] type=1400 audit(804445.290:7): avc:  denied  { getattr } for  pid=205 comm="ueventd" path="/firmware/image/mba.mdt" dev="mmcblk0p1" ino=3 scontext=u:r:ueventd:s0 tcontext=u:object_r:sdcard_external:s0 tclass=file

Change-Id: I2927eaad3259424bf09c8ed7c0878a6643bc3214
nickkral committed Nov 2, 2013
1 parent d1a8d09 commit 674a5c2
Showing 4 changed files with 7 additions and 1 deletion.
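--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -99,8 +99,10 @@ BOARD_SEPOLICY_DIRS += \
 
 # The list below is order dependent
 BOARD_SEPOLICY_UNION += \
+file.te \
 device.te \
 app.te \
+ueventd.te \
 file_contexts
 
 HAVE_ADRENO_SOURCE:= false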
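--- a/fstab.hammerhead
+++ b/fstab.hammerhead
@@ -7,7 +7,7 @@
 /dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=/dev/block/platform/msm_sdcc.1/by-name/metadata
 /dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check
 /dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 nosuid,nodev,barrier=1,data=ordered,nodelalloc,nomblk_io_submit,errors=panic wait
-/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337 wait
+/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0 wait
 /dev/block/platform/msm_sdcc.1/by-name/boot /boot emmc defaults defaults
 /dev/block/platform/msm_sdcc.1/by-name/recovery /recovery emmc defaults defaults
 /dev/block/platform/msm_sdcc.1/by-name/misc /misc emmc defaults defaults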
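Review bot: The new `context=u:object_r:firmware_file:s0` option on the /firmware line labels the vfat filesystem and every file on it with one type, so the "Default type for anything under /firmware" comment in sepolicy/file.te understates it: a context= mount cannot be relabelled per file, so no file_contexts entry or restorecon can give a file here a different label. Any domain later granted read on firmware_file can therefore read the whole modem partition, which is worth stating where the type is declared, e.g. `# Set by context= in fstab.hammerhead; applies to every file on the modem partition and cannot be overridden per file.` The remaining fstab entries lie outside this hunk.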
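--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -0,0 +1,2 @@
+# Default type for anything under /firmware
+type firmware_file, fs_type;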
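--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@@ -0,0 +1,2 @@
+allow ueventd firmware_file:dir r_dir_perms;
+allow ueventd firmware_file:file r_file_perms;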
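Review bot: The directory rule grants more than the logged denials call for: the three AVC messages in the commit description are file `read`, `open` and `getattr`, while `r_dir_perms` also lets ueventd list the /firmware directories. If ueventd only opens firmware images by a known path, which is what the denials suggest, `allow ueventd firmware_file:dir search;` should be enough; confirm on a device with the narrower rule before keeping the broader macro. The new file also has no comment tying the rules to firmware loading, and a line such as `# ueventd reads firmware images from the /firmware vfat mount` would help the next reader.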
