Skip to content
Snippets Groups Projects
Commit d644f260 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

fsck: allow e2fsck to stat swap_block_device 

In libext2fs ext2fs_check_mount_point() calls is_swap_device() to
verify that a device is swap before setting the EXT2_MF_SWAP mount
flag.

Addresses:
avc: denied { getattr } for path="/dev/block/zram0" dev="tmpfs" ino=9951
scontext=u:r:fsck:s0 tcontext=u:object_r:swap_block_device:s0 tclass=blk_file

Bug: 22821100
Change-Id: Ic7a1b6f83b34a40bf4bd35a1564300c58ca27089
parent 540ea534
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 0 deletions
fsck.te
+ 4
0
View file @ d644f260
...@@ -21,6 +21,10 @@ allow fsck userdata_block_device:blk_file rw_file_perms; ...@@ -21,6 +21,10 @@ allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms; allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms; allow fsck dm_device:blk_file rw_file_perms;
# fsck performs a stat() on swap to verify that it is a valid
# swap device before setting the EXT2_MF_SWAP mount flag.
allow fsck swap_block_device:blk_file getattr;
### ###
### neverallow rules ### neverallow rules
### ###
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment