Add configfs file permissions to init.

These were previously in device specific sepolicies. They should be in core sepolicy to reflect their use by a core init file, init.usb.configfs.rc. Addresses denial: init : type=1400 audit(0.0:135): avc: denied { unlink } for name="f1" dev="configfs" ino=10923 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 Test: denial addressed Change-Id: I869892f9d0c311b727462fb380f4160feb986215

Add configfs file permissions to init.
These were previously in device specific sepolicies. They should be in core sepolicy to reflect their use by a core init file, init.usb.configfs.rc. Addresses denial: init : type=1400 audit(0.0:135): avc: denied { unlink } for name="f1" dev="configfs" ino=10923 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 Test: denial addressed Change-Id: I869892f9d0c311b727462fb380f4160feb986215
f3b5bd64 · Jerry Zhang · 20fe64e7 · f3b5bd64
Commit f3b5bd64 authored 7 years ago by Jerry Zhang
--- a/public/init.te
+++ b/public/init.te
@@ -85,6 +85,7 @@ allow init cpuctl_device:dir { create mounton };
 # /config
 allow init configfs:dir mounton;
 allow init configfs:dir create_dir_perms;
+allow init configfs:{ file lnk_file } create_file_perms;
 # Use tmpfs as /data, used for booting when /data is encrypted
 allow init tmpfs:dir relabelfrom;