From 59e3d7b42dab41a42c37c84ec872a8584c4e7258 Mon Sep 17 00:00:00 2001
From: Daichi Hirono <hirono@google.com>
Date: Thu, 28 Jan 2016 15:59:14 +0900
Subject: [PATCH] Fix SELinux warning when passing fuse FD from system server.

Before applying the CL, Android shows the following error when passing
FD of /dev/fuse.

> Binder_2: type=1400 audit(0.0:38): avc: denied { getattr } for
> path="/dev/fuse" dev="tmpfs" ino=9300 scontext=u:r:system_server:s0
> tcontext=u:object_r:fuse_device:s0 tclass=chr_file permissive=0

Change-Id: I59dec819d79d4e2e1a8e42523b6f521481cb2afd
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_server.te b/system_server.te
index eae67ed91..7050980cc 100644
--- a/system_server.te
+++ b/system_server.te
@@ -441,7 +441,7 @@ userdebug_or_eng(`
 
 # For AppFuse.
 allow system_server vold:fd use;
-allow system_server fuse_device:chr_file { read write ioctl };
+allow system_server fuse_device:chr_file { read write ioctl getattr };
 
 # Connect to adbd and use a socket transferred from it.
 # Used for e.g. jdwp.
-- 
GitLab