Allow shell serial_device read-write access

When starting the emulator, the system console writes entries to /dev/ttyS2. We need to allow the writes, otherwise this generates denials when you run "emulator -verbose -logcat '*:v' -show-kernel" Addresses the following denial: type=1400 audit(1395076594.320:446): avc: denied { read write } for pid=5600 comm="sh" path="/dev/ttyS2" dev="tmpfs" ino=1487 scontext=u:r:shell:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file Bug: 13506702 Change-Id: I3729537cabb0bf8e8b2905d3def43a293bb1081f
2014-03-18 15:17:35 -07:00
parent 1cda15d323
commit b20966f803
5 changed files with 5 additions and 0 deletions
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -86,5 +86,6 @@ BOARD_SEPOLICY_UNION += \
        mediaserver.te \
        qemud.te \
        rild.te \
+        shell.te \
        surfaceflinger.te \
        system_server.te
--- a/target/board/generic/sepolicy/shell.te
+++ b/target/board/generic/sepolicy/shell.te
@@ -0,0 +1 @@
+allow shell serial_device:chr_file rw_file_perms;
--- a/target/board/generic_mips/BoardConfig.mk
+++ b/target/board/generic_mips/BoardConfig.mk
@@ -68,5 +68,6 @@ BOARD_SEPOLICY_UNION += \
        mediaserver.te \
        qemud.te \
        rild.te \
+        shell.te \
        surfaceflinger.te \
        system_server.te
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -54,5 +54,6 @@ BOARD_SEPOLICY_UNION += \
        mediaserver.te \
        qemud.te \
        rild.te \
+        shell.te \
        system_server.te \
        zygote.te
--- a/target/board/generic_x86/sepolicy/shell.te
+++ b/target/board/generic_x86/sepolicy/shell.te
@@ -0,0 +1 @@
+allow shell serial_device:chr_file rw_file_perms;
				`@@ -0,0 +1 @@`
				`allow shell serial_device:chr_file rw_file_perms;`