Commit a8e0f76c authored by Jeff Sharkey's avatar Jeff Sharkey

Define policy for "loop-control" device.

Per loop(4), this device is the preferred way of allocating new
loop devices since Linux 3.1.

avc: denied { read write } for name="loop-control" dev="tmpfs" ino=15221 scontext=u:r:vold:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 34903607
Change-Id: I1f5f62cf0a1c24c6f6453100004812af4b8e1503
parent 5d0c2e41
...@@ -92,6 +92,7 @@ ...@@ -92,6 +92,7 @@
/dev/keychord u:object_r:keychord_device:s0 /dev/keychord u:object_r:keychord_device:s0
/dev/kmem u:object_r:kmem_device:s0 /dev/kmem u:object_r:kmem_device:s0
/dev/log(/.*)? u:object_r:log_device:s0 /dev/log(/.*)? u:object_r:log_device:s0
/dev/loop-control u:object_r:loop_control_device:s0
/dev/mem u:object_r:kmem_device:s0 /dev/mem u:object_r:kmem_device:s0
/dev/modem.* u:object_r:radio_device:s0 /dev/modem.* u:object_r:radio_device:s0
/dev/mtd(/.*)? u:object_r:mtd_device:s0 /dev/mtd(/.*)? u:object_r:mtd_device:s0
......
...@@ -12,6 +12,7 @@ type block_device, dev_type; ...@@ -12,6 +12,7 @@ type block_device, dev_type;
type camera_device, dev_type; type camera_device, dev_type;
type dm_device, dev_type; type dm_device, dev_type;
type keychord_device, dev_type; type keychord_device, dev_type;
type loop_control_device, dev_type;
type loop_device, dev_type; type loop_device, dev_type;
type pmsg_device, dev_type, mlstrustedobject; type pmsg_device, dev_type, mlstrustedobject;
type radio_device, dev_type; type radio_device, dev_type;
......
...@@ -64,6 +64,7 @@ allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner ...@@ -64,6 +64,7 @@ allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner
allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow vold app_data_file:dir search; allow vold app_data_file:dir search;
allow vold app_data_file:file rw_file_perms; allow vold app_data_file:file rw_file_perms;
allow vold loop_control_device:chr_file rw_file_perms;
allow vold loop_device:blk_file { create setattr unlink rw_file_perms }; allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
allow vold vold_device:blk_file { create setattr unlink rw_file_perms }; allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
allow vold dm_device:chr_file rw_file_perms; allow vold dm_device:chr_file rw_file_perms;
......
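Review bot: The added rule `allow vold loop_control_device:chr_file rw_file_perms;` grants more than the logged denial shows. The avc line lists only `read write`, while `rw_file_perms`, as usually defined in the AOSP global macros, also carries open, getattr, ioctl, lock and append. ioctl is presumably required, since loop(4) describes allocation as an ioctl on this node (LOOP_CTL_GET_FREE), but here it is granted with no command filter. If this tree's policy version supports extended permissions, consider pairing the rule with an `allowxperm vold loop_control_device:chr_file ioctl { ... };` limited to the loop-control requests vold actually issues. A one-line comment above the rule, such as `# Allocate loop devices through /dev/loop-control, see loop(4).`, would record why vold needs the access; the rest of vold's rules lie outside this hunk.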