From 44f3d0f0975dc9822dd91650adb6fc2a6a3575c0 Mon Sep 17 00:00:00 2001
From: Hridya Valsaraju <hridya@google.com>
Date: Tue, 11 Dec 2018 11:10:28 -0800
Subject: [PATCH] Add a few permissions required by fastbootd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

These address the following denials:

avc: denied { getattr } for pid=547 comm="fastbootd"
path="/dev/block" dev="tmpfs" ino=18532 scontext=u:r:fastbootd:s0
tcontext=u:object_r:block_device:s0 tclass=dir permissive=1

avc: denied { read } for pid=547 comm="fastbootd" name="fstab"
dev="sysfs" ino=25820 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir permissive=1

avc: denied { open } for pid=547 comm="fastbootd"
path="/sys/firmware/devicetree/base/firmware/android/fstab" dev="sysfs"
ino=25820 scontext=u:r:fastbootd:s0
tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir permissive=1

Bug: 119115481
Test: fastboot flashall
Change-Id: I97dc783ceef396145e3baa5d79194560fc0634f7
---
 public/fastbootd.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/fastbootd.te b/public/fastbootd.te
index 4b79b6446..1d77fd16b 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -61,8 +61,13 @@ recovery_only(`
 
   allow fastbootd proc_cmdline:file r_file_perms;
   allow fastbootd rootfs:dir r_dir_perms;
+
+  # Needed to read fstab node from device tree.
   allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
+  allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
 
+  # Needed for realpath() call to resolve symlinks.
+  allow fastbootd block_device:dir getattr;
   userdebug_or_eng(`
     # Refined manipulation of /mnt/scratch, without these perms resorts
     # to deleting scratch partition when partition(s) are flashed.
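Review bot: The comment above `allow fastbootd block_device:dir getattr;` does not name the path being stat-ed, and the rule now sits directly against `userdebug_or_eng(` because the blank line that separated the two was not carried down. An auditor matching rules to denials would be helped by `# realpath() stats /dev/block while resolving symlinks; only getattr on the dir was denied.` followed by a blank line before the macro. All three denials quoted in the description were logged with permissive=1 and the Test line does not say whether `fastboot flashall` was repeated in enforcing mode, so it is worth confirming that before treating the set as complete. The enclosing `recovery_only(` block opens before this hunk and the `userdebug_or_eng(` block continues past it, so the full scope of these rules is not visible here.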
-- 
GitLab