From d644f260665f24ba37069861c717ad55b00e9bfc Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 21 Jan 2016 14:43:36 -0800
Subject: [PATCH] fsck: allow e2fsck to stat swap_block_device

In libext2fs ext2fs_check_mount_point() calls is_swap_device() to
verify that a device is swap before setting the EXT2_MF_SWAP mount
flag.

Addresses:
avc: denied { getattr } for path="/dev/block/zram0" dev="tmpfs" ino=9951
scontext=u:r:fsck:s0 tcontext=u:object_r:swap_block_device:s0 tclass=blk_file

Bug: 22821100
Change-Id: Ic7a1b6f83b34a40bf4bd35a1564300c58ca27089
---
 fsck.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fsck.te b/fsck.te
index e90a49e9b..cdf1188aa 100644
--- a/fsck.te
+++ b/fsck.te
@@ -21,6 +21,10 @@ allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;
 allow fsck dm_device:blk_file rw_file_perms;
 
+# fsck performs a stat() on swap to verify that it is a valid
+# swap device before setting the EXT2_MF_SWAP mount flag.
+allow fsck swap_block_device:blk_file getattr;
+
 ###
 ### neverallow rules
 ###
-- 
GitLab