Allowing vold to search /mnt/vendor/* (7b67a617) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit 7b67a617 authored 6 years ago by Bowgo Tsai

Allowing vold to search /mnt/vendor/*

vold will trim rw mount points about daily, but it is denied by SELinux:

root   603   603 W Binder:603_2: type=1400 audit(0.0:11): avc: denied {
search } for name="vendor" dev="tmpfs" ino=23935 scontext=u:r:vold:s0
tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0

Allowing vold to search /mnt/vendor/* to fix the denials.

Note that device-specific sepolicy needs to be extended to allow vold
to send FITRIM ioctl. e.g., for /mnt/vendor/persist, it needs:

    allow vold persist_file:dir { ioctl open read };

Bug: 111409607
Test: boot a device, checks the above denial is gone
Change-Id: Ia9f22d973e5a2e295678781de49a0f61fccd9dad

parent 32809859

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 4 additions and 0 deletions

Please register or to comment