From e8c93af4e7839ab8020b1714d59f9b946e079ad8 Mon Sep 17 00:00:00 2001
From: Mimi Wu
Date: Wed, 12 Feb 2020 14:47:56 +0800
Subject: [PATCH] sm7250-common: sepolicy: Add sepolicy for kernel to access /data/per_boot/zram_swap

type=1400 audit(1581485243.256:88): avc: denied { read } for comm="loop29" path="/data/per_boot/zram_swap" dev="dm-9" ino=9820 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I48d7684ce3b4ca1ada81011b1cab21007c758ba5
Signed-off-by: Mimi Wu
Signed-off-by: aswin7469
Signed-off-by: Sandeep-FED
Signed-off-by: Sandeep P S
---
 sepolicy/vendor/file.te | 3 +++
 sepolicy/vendor/file_contexts | 1 +
 sepolicy/vendor/kernel.te | 1 +
 3 files changed, 5 insertions(+)

diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 0db190d..34ce0dd 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -21,3 +21,6 @@ type sysfs_tpd, fs_type, sysfs_type;
 type sysfs_tri_state_key, sysfs_type, fs_type;
 type sysfs_vl53l1, fs_type, sysfs_type;
 type vendor_sysfs_video_call_on, fs_type, sysfs_type;
+
+# Data files
+type per_boot_file, file_type, data_file_type, core_data_file_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index a20222f..f81f7aa 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -26,6 +26,7 @@
 # Data files
 /data/reserve-lib(/.*)? u:object_r:apk_data_file:s0
+/data/per_boot(/.*)? u:object_r:per_boot_file:s0
 # Devices
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
index 03ad952..bf4aeb1 100644
--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -1,2 +1,3 @@
 allow kernel param_block_device:dir search;
 allow kernel param_block_device:blk_file rw_file_perms;
+allow kernel per_boot_file:file r_file_perms;
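Review bot: In sepolicy/vendor/file.te the new type `per_boot_file` is declared from vendor policy without a vendor prefix and is given `core_data_file_type`, an attribute the Treble policy split uses for platform-owned data. If the platform policy on the target release already declares a type of this name (not visible in this patch), the build will fail on a duplicate declaration, and vendor domains are generally kept away from `core_data_file_type` by neverallow rules. Prefer relying on the platform's declaration where it exists; if the declaration has to stay here, replace the generic `# Data files` comment with one that records why, for example `# Backing file for zram writeback under /data/per_boot; declared here because the platform policy on this branch lacks it`.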
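Review bot: In sepolicy/vendor/file_contexts the pattern `/data/per_boot(/.*)?` relabels the directory and every file beneath it, while the denial quoted in the commit message concerns only `zram_swap` and the patch adds no rule on `per_boot_file:dir` or for whichever domain creates that file. A file that already exists keeps `system_data_file` until restorecon runs on it, so the fix appears to depend on a relabel step that this patch does not show. A comment above the entry such as `# zram writeback backing file; relabelled by restorecon at boot` would make that dependency visible, and the path is worth checking against the platform's own file_contexts so that two entries do not label the same location.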
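Review bot: In sepolicy/vendor/kernel.te the added rule grants `r_file_perms`, which is wider than the single `{ read }` permission in the audit record from the commit message. `allow kernel per_boot_file:file read;` would cover the logged denial, and the set can be widened later if further denials are actually observed. Because the label applies to everything under /data/per_boot, the rule also lets the kernel domain read any file placed there in future, so a comment naming the one intended file, e.g. `# loop device backing zram reads /data/per_boot/zram_swap`, would help later reviewers judge the scope.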