Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-03 10:02:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
26cf500dad
DivestOS/Patches/LineageOS-14.1/android_device_samsung_tuna/0003-fix_denial.patch
Tad b6575a362e Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 22:47:34 -04:00

53 lines
2.8 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: nailyk-fr <nailyk_git@nailyk.fr>
Date: Sun, 13 Aug 2017 20:51:06 +0200
Subject: [PATCH] Tuna: Sepolicy: Label metadata partition
* Label metadata partition to allow vold
accessing it for decryption.
* Wihtout this patchs:
avc: denied { read write } for pid=166 comm="vold" name="mmcblk0p13" dev=tmpfs ino=4564 scontext=u:r:vold:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for pid=145 comm="vold" name="mmcblk0p13" dev=tmpfs ino=4564 scontext=u:r:vold:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for pid=145 comm="vold" name="mmcblk0p13" dev=tmpfs ino=4564 scontext=u:r:vold:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for pid=145 comm="vold" name="mmcblk0p13" dev=tmpfs ino=4564 scontext=u:r:vold:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
avc: denied { read write } for pid=145 comm="vold" name="mmcblk0p13" dev=tmpfs ino=4564 scontext=u:r:vold:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
who cannot be allowed due to never allow
into system wide policies.
Change-Id: I577794a7298fcd105392699466661a7bd85a6218
---
sepolicy/file_contexts | 2 ++
sepolicy/vold.te | 1 +
2 files changed, 3 insertions(+)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 30159d4..42a58d1 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -49,11 +49,13 @@
# Block devices
/dev/block/mmcblk0 u:object_r:root_block_device:s0
/dev/block/mmcblk0p9 u:object_r:radio_device:s0
+/dev/block/mmcblk0p13 u:object_r:metadata_block_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/boot u:object_r:boot_block_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/recovery u:object_r:recovery_block_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/cache u:object_r:cache_block_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/system u:object_r:system_block_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/omap/omap_hsmmc.0/by-name/metadata u:object_r:metadata_block_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/param u:object_r:radio_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/radio u:object_r:radio_device:s0
/dev/block/platform/omap/omap_hsmmc.0/by-name/dgs u:object_r:tee_block_device:s0
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 9ba8469..313104b 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,5 +1,6 @@
# vold
allow vold efs_file:dir { getattr read open ioctl };
+allow vold metadata_block_device:blk_file { read write };
# For 'aes-*' module requests.
allow vold kernel:system module_request;
Reference in New Issue View Git Blame Copy Permalink