allow init swapon()

swapon(2) requires write access to the underlying block device. Allow it. Addresses the following denial: avc: denied { write } for pid=1 comm="init" name="zram0" dev="tmpfs" ino=6267 scontext=u:r:init:s0 tcontext=u:object_r:swap_block_device:s0 tclass=blk_file permissive=0 Change-Id: Id1a4f51038d0b6ce7351294698a0ff146d6e4643

allow init swapon()
swapon(2) requires write access to the underlying block device. Allow it. Addresses the following denial: avc: denied { write } for pid=1 comm="init" name="zram0" dev="tmpfs" ino=6267 scontext=u:r:init:s0 tcontext=u:object_r:swap_block_device:s0 tclass=blk_file permissive=0 Change-Id: Id1a4f51038d0b6ce7351294698a0ff146d6e4643
beb279c7 · Nick Kralevich · 57a17d14 · beb279c7
Commit beb279c7 authored 10 years ago by Nick Kralevich
--- a/init.te
+++ b/init.te
@@ -102,6 +102,10 @@ allow init self:udp_socket { create ioctl };
 # set scheduling parameters for a kernel domain task.
 allow init kernel:process setsched;

+# swapon() needs write access to swap device
+# system/core/fs_mgr/fs_mgr.c - fs_mgr_swapon_all
+allow init swap_block_device:blk_file rw_file_perms;
+
 ###
 ### neverallow rules
 ###