From 5a5fb85f1ef3f424a677678c832b72dcfeb6df2b Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Sat, 7 Jun 2014 07:31:31 -0700
Subject: [PATCH] label usbfs

Right now usbfs doesn't have any labels, generating the
following kernel warnings:

<7>[    3.009582] SELinux: initialized (dev usbfs, type usbfs), not configured for labeling

and the occasional SELinux unlabeled auditallow logs:

<4>[  285.579254] type=1400 audit(1402010345.094:16): avc: granted { search } for pid=371 comm="qcks" name="/" dev="usbfs" ino=15794 scontext=u:r:kickstart:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
<4>[  285.632354] type=1400 audit(1402010345.154:18): avc: granted { search } for pid=371 comm="qcks" name="001" dev="usbfs" ino=15796 scontext=u:r:kickstart:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir

Make sure usbfs is assigned via genfscon

Change-Id: I7191f2584014ba55a3c3a98e7efd0350dc958782
---
 file.te        | 1 +
 genfs_contexts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/file.te b/file.te
index 21bba2e24..b031d747c 100644
--- a/file.te
+++ b/file.te
@@ -34,6 +34,7 @@ type debugfs, fs_type, mlstrustedobject;
 type pstorefs, fs_type;
 type functionfs, fs_type;
 type oemfs, fs_type;
+type usbfs, fs_type;
 
 # File types
 type unlabeled, file_type;
diff --git a/genfs_contexts b/genfs_contexts
index ec636b6e9..a01883347 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -30,3 +30,4 @@ genfscon debugfs / u:object_r:debugfs:s0
 genfscon fuse / u:object_r:sdcard_internal:s0
 genfscon pstore / u:object_r:pstorefs:s0
 genfscon functionfs / u:object_r:functionfs:s0
+genfscon usbfs / u:object_r:usbfs:s0
-- 
GitLab