Commit 4c6b1350 authored by Nick Kralevich

support kernel writes to external SDcards

The kernel, when it creates a loop block device, starts a new
kernel thread "loop0" (drivers/block/loop.c). This kernel thread,
which performs writes on behalf of other processes, needs read/write
privileges to the sdcard. Allow it.

Steps to reproduce:
0) Get device with external, removable sdcard
1) Run: "adb install -s foo.apk"

Expected:

  APK installs successfully.

Actual:

  APK fails to install. Error message:

    Vold  E  Failed to write superblock (I/O error)
    loop0  W  type=1400 audit(0.0:3123): avc: denied { read } for path="/mnt/secure/asec/smdl1645334795.tmp.asec" dev="mmcblk1p1" ino=528 scontext=u:r:kernel:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
    PackageHelper  E  Failed to create secure container smdl1645334795.tmp
    DefContainer  E  Failed to create container smdl1645334795.tmp

Bug: 17158723
Change-Id: I4aa86e372cc55348f6b8becfa17bd4da583925d4
parent 0d3f7ddc
...@@ -34,8 +34,9 @@ dontaudit kernel self:security setenforce; ...@@ -34,8 +34,9 @@ dontaudit kernel self:security setenforce;
# Set checkreqprot by init.rc prior to switching to init domain. # Set checkreqprot by init.rc prior to switching to init domain.
allow kernel self:security setcheckreqprot; allow kernel self:security setcheckreqprot;
# MTP sync # MTP sync (b/15835289)
allow kernel fuse:file { read write }; # kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
allow kernel sdcard_type:file { read write };
### ###
### neverallow rules ### neverallow rules
......
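Review bot: the new `allow kernel sdcard_type:file { read write };` line grants on the whole `sdcard_type` attribute, while the only denial quoted in the commit message is `{ read }` on `tcontext=u:object_r:vfat:s0`. The removed `allow kernel fuse:file { read write };` rule stays covered only if `fuse` carries that attribute, so the comment should say that the attribute is used on purpose to cover both the MTP sync case (fuse) and the loop0 ASEC case (vfat). It is also worth noting in the comment that the rule applies to everything running in the `kernel` domain, not only the "loop0" thread, since the source context in the denial is `u:r:kernel:s0`. If the narrower form is acceptable, keeping the `fuse` rule and adding a separate `vfat` rule would match the two bugs one-to-one and keep the grant limited to the types actually observed.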