StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

goldfish_setup: grant /system/bin/sh exec access

Browse Source 
The goldfish_setup shell script needs the ability to execute
the shell script interpreter. Allow it.

Addresses the following denial:

avc: denied { getattr } for pid=1220 comm="init.goldfish.s"
path="/system/bin/sh" dev="vda" ino=442 scontext=u:r:goldfish_setup:s0
tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0

Bug: 28941573
Change-Id: I22d26e90f107c8d801229354a5e0513c37e6c31d
This commit is contained in:
Nick Kralevich
2016-05-24 17:36:23 -07:00
parent 2af23a3c20
commit 501c88c029
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
target/board/generic/sepolicy/goldfish_setup.te
View File

@@ -5,7 +5,7 @@ type goldfish_setup_exec, exec_type, file_type;
init_daemon_domain(goldfish_setup) init_daemon_domain(goldfish_setup)
# Inherit open file to shell (interpreter) for script. # Inherit open file to shell (interpreter) for script.
allow goldfish_setup shell_exec:file read; allow goldfish_setup shell_exec:file rx_file_perms;
# Run ifconfig, route commands to configure interfaces and routes. # Run ifconfig, route commands to configure interfaces and routes.
allow goldfish_setup system_file:file execute_no_trans; allow goldfish_setup system_file:file execute_no_trans;