allow init fs_type:dir search · fcd86911
Nick Kralevich authored
    We allow chmod/chown of files / directories by init, but don't allow
    init to search into subdirectories. Feels wrong.
    
    Addresses the following denial:
    
      avc:  denied  { search } for  pid=1 comm="init" name="/" dev="pstore" ino=5570 scontext=u:r:init:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir permissive=1
    
    which results from the following init.rc statement:
    
      # pstore/ramoops previous console log
      mount pstore pstore /sys/fs/pstore
      chown system log /sys/fs/pstore/console-ramoops
      chmod 0440 /sys/fs/pstore/console-ramoops
      chown system log /sys/fs/pstore/pmsg-ramoops-0
      chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
    
    Bug: 19050686
    Change-Id: I0528ecb17686891b66262de1f3c229cc68a56830
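The AVC line quoted above is the usual raw material for a policy change like this one: the denied permission, the source domain, the target type and the object class are all in the log line, and the rule follows from them. The following Python is an added example, not part of this commit or of the AOSP policy tooling. It parses "avc: denied" lines into their components, emits the narrowest allow rule, and optionally widens the target to a type attribute the way the commit title does (init on fs_type rather than on pstorefs). The TYPE_ATTRIBUTES map is an assumption standing in for the policy's own type declarations, the second denial line is constructed for illustration, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# The AVC line quoted in the commit message (verbatim from the page).
PAGE_DENIAL = ('avc:  denied  { search } for  pid=1 comm="init" name="/" dev="pstore" ino=5570 '
               'scontext=u:r:init:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir permissive=1')

# Constructed second line (not from the page) so the merge step has something to merge.
CONSTRUCTED_DENIAL = ('avc:  denied  { getattr } for  pid=1 comm="init" name="/" dev="pstore" ino=5570 '
                      'scontext=u:r:init:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir permissive=1')

# Assumed type -> attribute map. In a real policy this comes from the type declarations;
# it is what lets the rule be written against fs_type instead of the single type pstorefs.
TYPE_ATTRIBUTES = {'pstorefs': 'fs_type'}

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Denial:
    perms: tuple
    source_type: str   # domain from scontext, e.g. init
    target_type: str   # type from tcontext, e.g. pstorefs
    tclass: str        # object class, e.g. dir
    permissive: bool   # True if the kernel logged the access but did not block it
    fields: dict


def parse_denial(line):
    """Parse one 'avc: denied' line; returns None for lines that are not denials."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not all(k in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    # Android contexts look like user:role:type:level; the type is the third field.
    src = fields['scontext'].split(':')[2]
    tgt = fields['tcontext'].split(':')[2]
    return Denial(tuple(m.group('perms').split()), src, tgt, fields['tclass'],
                  fields.get('permissive') == '1', fields)


def _format_perms(perms):
    joined = ' '.join(sorted(perms))
    return '{ ' + joined + ' }' if len(perms) > 1 else joined


def allow_rule(denial, attributes=None):
    """Emit the narrowest allow rule for a denial, optionally widened to a type attribute."""
    tgt = denial.target_type
    if attributes and tgt in attributes:
        tgt = attributes[tgt]
    return f'allow {denial.source_type} {tgt}:{denial.tclass} {_format_perms(denial.perms)};'


def rules_from_log(lines, attributes=None):
    """Merge denials sharing (source, target, class) into one rule each, audit2allow-style."""
    merged = {}
    for line in lines:
        d = parse_denial(line)
        if d is None:
            continue
        tgt = attributes.get(d.target_type, d.target_type) if attributes else d.target_type
        merged.setdefault((d.source_type, tgt, d.tclass), set()).update(d.perms)
    return [f'allow {src} {tgt}:{cls} {_format_perms(perms)};'
            for (src, tgt, cls), perms in sorted(merged.items())]


if __name__ == '__main__':
    d = parse_denial(PAGE_DENIAL)
    print(allow_rule(d))                   # allow init pstorefs:dir search;
    print(allow_rule(d, TYPE_ATTRIBUTES))  # allow init fs_type:dir search;
    for rule in rules_from_log([PAGE_DENIAL, CONSTRUCTED_DENIAL], TYPE_ATTRIBUTES):
        print(rule)                        # allow init fs_type:dir { getattr search };
```

Two things to keep in mind when reading the output. The permissive=1 field means the kernel logged the access and then let it through, so a denial seen in a permissive domain is a policy gap that will become a real failure once the domain is enforcing. And widening a rule from a concrete type to an attribute (pstorefs to fs_type) grants the permission on every type carrying that attribute, so the generalization is a deliberate decision to review rather than something to take from the log mechanically.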