sepolicy: Allow init to perform different operations with configfs
This change adds the required permissions to perform different operations with mounted configfs to avoid the denials seen below.

type=1400 audit(516.095:14): avc: denied { write } for pid=1 comm="init" name="bcdUSB" dev="configfs" ino=1559 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.095:15): avc: denied { write } for pid=1 comm="init" name="use" dev="configfs" ino=1560 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.103:16): avc: denied { write } for pid=1 comm="init" name="serialnumber" dev="configfs" ino=1561 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.115:17): avc: denied { write } for pid=1 comm="init" name="manufacturer" dev="configfs" ino=1562 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.131:18): avc: denied { write } for pid=1 comm="init" name="product" dev="configfs" ino=1563 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.215:23): avc: denied { write } for pid=1 comm="init" name="b_vendor_code" dev="configfs" ino=1580 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.219:24): avc: denied { write } for pid=1 comm="init" name="qw_sign" dev="configfs" ino=1581 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.227:25): avc: denied { create } for pid=1 comm="init" name="b.1" scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0
type=1400 audit(521.163:53): avc: denied { search } for pid=3249 comm="sh" name="/" dev="configfs" ino=2306 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0

CRs-Fixed: 1012783
Change-Id: Ia3387c03c041c0117b76999101a27561d5b82c6c
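
An added example, not part of the commit or the project's policy: a small parser that groups AVC denials like the ones quoted above by source type, target type and class, and prints the candidate allow rule each group implies. The function names and the sample (three of the quoted denials) are this example's own; the rules it prints are derived from the log only and are not the commit's actual policy change, which this page does not show.

```python
import re
from collections import defaultdict

# Constructed sample: three of the denials quoted in the commit message.
SAMPLE = """\
type=1400 audit(516.095:14): avc: denied { write } for pid=1 comm="init" name="bcdUSB" dev="configfs" ino=1559 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=file permissive=0
type=1400 audit(516.227:25): avc: denied { create } for pid=1 comm="init" name="b.1" scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0
type=1400 audit(521.163:53): avc: denied { search } for pid=3249 comm="sh" name="/" dev="configfs" ino=2306 scontext=u:r:qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0
"""

# One match per denial record; non-greedy so records run together on a
# single line (as in a flattened log) are still split correctly.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def parse_denials(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    grouped = defaultdict(set)
    for m in AVC_RE.finditer(text):
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return grouped


def candidate_rules(text):
    """Render one candidate allow rule per group, in sorted order."""
    rules = []
    for (src, tgt, tclass), perms in sorted(parse_denials(text).items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_str};")
    return rules


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE):
        print(rule)
```

Each candidate rule applies to every object labelled configfs, not only the files named in the log, so the output is a starting point for review rather than policy to paste in.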