ueventd: Add policy support for ueventd labeling changes

Currently, ueventd only modifies the SELinux label on a file if the entry exists in /ueventd.rc. Add policy support to enable an independent restorecon_recursive whenever a uevent message occurs. Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac

ueventd: Add policy support for ueventd labeling changes
b8bdfde3 · Nick Kralevich · 5b2ed833 · b8bdfde3
Commit b8bdfde3 authored 10 years ago by Nick Kralevich
--- a/ueventd.te
+++ b/ueventd.te
@@ -10,7 +10,8 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-allow ueventd sysfs_type:file { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
 allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;