Skip to content
Snippets Groups Projects
Commit fcd86911 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

allow init fs_type:dir search 

We allow chmod/chown of files / directories by init, but don't allow
init to search into subdirectories. Feels wrong.

Addresses the following denial:

  avc:  denied  { search } for  pid=1 comm="init" name="/" dev="pstore" ino=5570 scontext=u:r:init:s0 tcontext=u:object_r:pstorefs:s0 tclass=dir permissive=1

which results from the following init.rc statement:

  # pstore/ramoops previous console log
  mount pstore pstore /sys/fs/pstore
  chown system log /sys/fs/pstore/console-ramoops
  chmod 0440 /sys/fs/pstore/console-ramoops
  chown system log /sys/fs/pstore/pmsg-ramoops-0
  chmod 0440 /sys/fs/pstore/pmsg-ramoops-0

Bug: 19050686
Change-Id: I0528ecb17686891b66262de1f3c229cc68a56830
parent b00a0379
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment