allow recovery FUNCTIONFS_ENDPOINT_DESC
Commit ebc3a1a3 ("Move to ioctl whitelisting for plain files / directories", Oct 10th), enabled ioctl filtering on all files, including functionfs files. However, recovery performs the ioctl FUNCTIONFS_ENDPOINT_DESC on functionfs files, so allow it. Addresses the following denial: audit: type=1400 audit(673009.476:507811): avc: denied { ioctl } for pid=731 comm="recovery" path="/dev/usb-ffs/adb/ep1" dev="functionfs" ino=473 ioctlcmd=0x6782 scontext=u:r:recovery:s0 tcontext=u:object_r:functionfs:s0 tclass=file permissive=1 Test: policy compiles. Bug: 119877813 Change-Id: I09715acc16ab319b8d8b1f233cefaec23a358962
Loading
Please register or sign in to comment