Allow fsck to search /dev/block.

Addresses denials such as: avc: denied { search } for pid=143 comm="e2fsck" name="block" dev="tmpfs" ino=5987 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=dir Change-Id: Ieb72fc5e28146530c2f3b235ce74f2f397e49c56 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow fsck to search /dev/block.
509186de · Stephen Smalley · f6cc34e0 · 509186de
Commit 509186de authored 10 years ago by Stephen Smalley
--- a/fsck.te
+++ b/fsck.te
@@ -12,6 +12,7 @@ allow fsck tmpfs:chr_file { read write ioctl };
 allow fsck devpts:chr_file { read write ioctl getattr };

 # Run e2fsck on block devices.
+allow fsck block_device:dir search;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;