From 7cba5da2f6923316dea6542ef63883533337dfd8 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 22 May 2014 16:48:20 -0700
Subject: [PATCH] Label /dev/socket/zygote_secondary

zygote_secondary talks over a different socket named
/dev/socket/zygote_secondary. Make sure it's properly labeled.

See https://android-review.googlesource.com/89604

Addresses the following denial:

<12>[   48.442004] type=1400 audit(1400801842.179:5): avc:  denied  { write } for  pid=1082 comm="main" name="zygote_secondary" dev="tmpfs" ino=9953 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1

Bug: 13647418
Change-Id: I1ff5f1d614295a5870bb8a3992ad9167e1656c92
---
 file_contexts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/file_contexts b/file_contexts
index 67b502118..b7d3cb1ed 100644
--- a/file_contexts
+++ b/file_contexts
@@ -99,6 +99,7 @@
 /dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
 /dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
 /dev/socket/zygote	u:object_r:zygote_socket:s0
+/dev/socket/zygote_secondary	u:object_r:zygote_socket:s0
 /dev/spdif_out.*	u:object_r:audio_device:s0
 /dev/tegra.*		u:object_r:video_device:s0
 /dev/tf_driver		u:object_r:tee_device:s0
-- 
GitLab