sepolicy: Allow sysfs_devices_block to f2fs-tools

The fsck.f2fs checks the sysfs entries of block devices to get disk
information. Note that the block device entries are device-specific.

1. fsck.f2fs
avc: denied { search } for comm="fsck.f2fs" name="0:0:0:0" dev="sysfs" ino=59803 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0
avc: denied { getattr } for comm="fsck.f2fs" path="/sys/devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda7/partition" dev="sysfs" ino=60672 scontext=u:r:fsck:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0

2. mkfs.f2fs
avc: denied { search } for comm="make_f2fs" name="0:0:0:0" dev="sysfs" ino=59803 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=dir permissive=0
avc: denied { getattr } for comm="make_f2fs" path="/sys/devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:0/block/sda/sda8/partition" dev="sysfs" ino=61046 scontext=u:r:e2fs:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0

Bug: 172377740
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I409feec84565f965baa96b06a5b08bcfc1a8db02
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
Jaegeuk Kim 2022-05-24 17:41:40 -07:00 committed by CHRISL7
parent 16ab1d68d2
commit 4a4e38553f
2 changed files with 4 additions and 0 deletions

@ -0,0 +1,2 @@
allow e2fs vendor_sysfs_mmc_host:dir r_dir_perms;
allow e2fs vendor_sysfs_mmc_host:file r_file_perms;
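Review bot: The target type on both lines, vendor_sysfs_mmc_host, does not match anything the commit message documents: the subject names sysfs_devices_block, and every quoted make_f2fs denial has tcontext sysfs_scsi_devices_0000 on a path under 14700000.ufs. As written, these rules would not clear the denials shown. Either quote the denials captured on this device (with the vendor_sysfs_mmc_host tcontext) or add a line to the message stating that the type was changed to match this device's block sysfs labeling.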

@ -0,0 +1,2 @@
allow fsck vendor_sysfs_mmc_host:dir r_dir_perms;
allow fsck vendor_sysfs_mmc_host:file r_file_perms;
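Review bot: r_dir_perms and r_file_perms on both lines grant more than the fsck.f2fs denials in the commit message show, which are only search on a directory and getattr on a file. If fsck.f2fs goes on to open and read these sysfs entries, say so in the message so the wider grant is justified. Otherwise narrow the rules to what was denied, for example `allow fsck vendor_sysfs_mmc_host:dir search;` and `allow fsck vendor_sysfs_mmc_host:file getattr;`.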