From d94b78c908eafb9c57b17d8ad31842df5a0139a9 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 19 Dec 2014 16:19:05 -0800
Subject: [PATCH] toolbox: android_fork_execvp_ext() requires getattr ioctl

Addresses the following denials:

  avc:  denied  { getattr } for  pid=148 comm="mkswap" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:toolbox:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1
  avc:  denied  { ioctl } for  pid=148 comm="mkswap" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:toolbox:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1

Change-Id: I88c88493cd5f523b5b26a8028b421b3565aa5751
---
 toolbox.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolbox.te b/toolbox.te
index 5d7f824d8..105675628 100644
--- a/toolbox.te
+++ b/toolbox.te
@@ -12,7 +12,7 @@ init_daemon_domain(toolbox)
 allow toolbox tmpfs:chr_file { read write ioctl };
 
 # Inherit and use pty created by android_fork_execvp_ext().
-allow toolbox devpts:chr_file { read write };
+allow toolbox devpts:chr_file { read write getattr ioctl };
 
 # mkswap-specific.
 # Read/write block devices used for swap partitions.
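Review bot: The new `ioctl` permission on `devpts:chr_file` is not limited by command, so the toolbox domain may issue any ioctl on the inherited pty, not only the one that triggered the denial. The logged denials carry no ioctl command number, so the required command cannot be determined from this commit. If the policy toolchain in use supports ioctl command filtering (`allowxperm`), it would be worth narrowing the rule to the terminal ioctls actually observed. The comment above the rule also still describes only inheriting and using the pty; a line such as `# getattr/ioctl are needed as well: mkswap run via android_fork_execvp_ext() was denied both on /dev/pts/0.` would record why the wider set is there. Both denials were logged with permissive=1, so further denials may only appear once the domain is enforcing.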
-- 
GitLab