goldfish_setup: grant /system/bin/sh exec access

The goldfish_setup shell script needs the ability to execute
the shell script interpreter. Allow it.

Addresses the following denial:

avc: denied { getattr } for pid=1220 comm="init.goldfish.s"
path="/system/bin/sh" dev="vda" ino=442 scontext=u:r:goldfish_setup:s0
tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0

(cherrypicked from commit 501c88c029)

Bug: 28941573
Change-Id: I22d26e90f107c8d801229354a5e0513c37e6c31d
Nick Kralevich 2016-05-24 17:36:23 -07:00
parent e5c1af2dd0
commit 03bfdea1a3
1 changed files with 1 additions and 1 deletions


@ -5,7 +5,7 @@ type goldfish_setup_exec, exec_type, file_type;
init_daemon_domain(goldfish_setup)
# Inherit open file to shell (interpreter) for script.
allow goldfish_setup shell_exec:file read;
allow goldfish_setup shell_exec:file rx_file_perms;
# Run ifconfig, route commands to configure interfaces and routes.
allow goldfish_setup system_file:file execute_no_trans;
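Review bot: The comment kept above the changed rule, "Inherit open file to shell (interpreter) for script", no longer describes it. The rule as retitled by this commit, `allow goldfish_setup shell_exec:file rx_file_perms;`, grants more than an inherited read: in the AOSP global macros `rx_file_perms` is the union of `r_file_perms` and `x_file_perms`, so it includes `execute` and `execute_no_trans`, which lets goldfish_setup run /system/bin/sh in its own domain. The denial quoted in the description shows only `getattr`, so the page itself does not demonstrate that the execute permissions are needed. If they are intended, as the commit title suggests, the comment should say so, e.g. `# Execute the shell interpreter (no domain transition) for init.goldfish.sh.`, and the description would ideally cite the execute denials as well. The hunk appears to have lost its blank lines in rendering, so the surrounding layout of the file is inferred.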