From 509186dea59e5ff115b72c282aff1b8c0c47c4f6 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 10 Feb 2015 16:13:45 -0500
Subject: [PATCH] Allow fsck to search /dev/block.

Addresses denials such as:
avc: denied { search } for pid=143 comm="e2fsck" name="block" dev="tmpfs" ino=5987 scontext=u:r:fsck:s0 tcontext=u:object_r:block_device:s0 tclass=dir

Change-Id: Ieb72fc5e28146530c2f3b235ce74f2f397e49c56
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 fsck.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fsck.te b/fsck.te
index ab313eb31..22ff7b1a9 100644
--- a/fsck.te
+++ b/fsck.te
@@ -12,6 +12,7 @@ allow fsck tmpfs:chr_file { read write ioctl };
 allow fsck devpts:chr_file { read write ioctl getattr };
 # Run e2fsck on block devices.
+allow fsck block_device:dir search;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;
-- 
GitLab
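Review bot: The added `allow fsck block_device:dir search;` has no comment of its own, and the existing heading `# Run e2fsck on block devices.` does not explain why a directory permission is needed. I would put a line above it such as `# Traverse /dev/block to reach the labeled device nodes; search only, no listing.` so a later editor does not widen it to `r_dir_perms`. In the visible lines the rule grants nothing on `block_device:blk_file`, so fsck still opens only the userdata and cache devices. The rest of fsck.te is outside the hunk, so it is worth confirming whether a `neverallow` elsewhere keeps fsck off generically labeled block devices.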