From 501c88c0290eb2308c110398f106411260863bb8 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Tue, 24 May 2016 17:36:23 -0700
Subject: [PATCH] goldfish_setup: grant /system/bin/sh exec access
The goldfish_setup shell script needs the ability to execute the shell script interpreter. Allow it.
Addresses the following denial:
avc: denied { getattr } for pid=1220 comm="init.goldfish.s" path="/system/bin/sh" dev="vda" ino=442 scontext=u:r:goldfish_setup:s0 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0
Bug: 28941573
Change-Id: I22d26e90f107c8d801229354a5e0513c37e6c31d
---
 target/board/generic/sepolicy/goldfish_setup.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
index bce196a7d..b8f121cda 100644
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te
@@ -5,7 +5,7 @@ type goldfish_setup_exec, exec_type, file_type;
 init_daemon_domain(goldfish_setup)
 # Inherit open file to shell (interpreter) for script.
-allow goldfish_setup shell_exec:file read;
+allow goldfish_setup shell_exec:file rx_file_perms;
 # Run ifconfig, route commands to configure interfaces and routes.
 allow goldfish_setup system_file:file execute_no_trans;
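Review bot: The comment above the changed rule still reads "Inherit open file to shell (interpreter) for script.", but the new `allow goldfish_setup shell_exec:file rx_file_perms;` line no longer describes a read on an inherited descriptor. It should say what is now granted, for example `# Read and execute the shell interpreter (/system/bin/sh) from within the goldfish_setup domain.`. The denial quoted in the commit message covers only `getattr`, while `rx_file_perms` (as defined in the AOSP global macros) also includes open, execute and execute_no_trans, so the grant is wider than the logged evidence. With `permissive=0` only the first blocked access is logged, so that is probably intended, but the comment or commit message should say that the remaining permissions were confirmed as needed rather than taken from the macro wholesale.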