add support for fsck.f2fs

The Nexus 9 uses f2fs for /data. Make sure to properly label /system/bin/fsck.f2fs so that the appropriate domain transition occurs. Add support for getattr on devpts, required for fsck.f2fs. Addresses the following denials: avc: denied { execute_no_trans } for pid=172 comm="init" path="/system/bin/fsck.f2fs" dev="dm-0" ino=272 scontext=u:r:init:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0 avc: denied { getattr } for pid=170 comm="fsck.f2fs" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:fsck:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1 Change-Id: I34b3f91374d1eb3fb4ba76abce14ff67db259f96

add support for fsck.f2fs
57a17d14 · Nick Kralevich · ad151a23 · 57a17d14 · 57a17d14
Commit 57a17d14 authored 10 years ago by Nick Kralevich
--- a/file_contexts
+++ b/file_contexts
@@ -126,6 +126,7 @@
 #
 /system(/.*)?		u:object_r:system_file:s0
 /system/bin/e2fsck	--	u:object_r:fsck_exec:s0
+/system/bin/fsck\.f2fs	--	u:object_r:fsck_exec:s0
 /system/bin/toolbox	--	u:object_r:toolbox_exec:s0
 /system/bin/logcat	--	u:object_r:logcat_exec:s0
 /system/bin/sh		--	u:object_r:shell_exec:s0

--- a/fsck.te
+++ b/fsck.te
@@ -10,7 +10,7 @@ init_daemon_domain(fsck)
 allow fsck tmpfs:chr_file { read write ioctl };
 # Inherit and use pty created by android_fork_execvp_ext().
-allow fsck devpts:chr_file { read write ioctl };
+allow fsck devpts:chr_file { read write ioctl getattr };
 # Run e2fsck on block devices.
 # TODO:  Assign userdata and cache block device types to the corresponding