fastbootd: Add sepolicy rule for fastbootd

Add sepolicy to allow fastbootd to access citadel_device Note: avc: denied { read write } for pid=526 comm="fastbootd" name="citadel0" dev="tmpfs" ino=18498 scontext=u:r:fastbootd:s0 tcontext=u:object_r:citadel_device:s0 tclass=chr_file permissive=1 Bug: 150929955 Change-Id: I0762c1174d02ebf54f6ba6929265468463e46162
author: josephjang <josephjang@google.com> 2020-09-17 16:50:48 +0800
committer: josephjang <josephjang@google.com> 2020-09-17 16:50:48 +0800
commit: 2a5a8e5fe94c2fdf853b73b95b064f2806cba150 (patch)
tree: bd2c42ab01903c59e88f5353a8f3595df19167d4
parent: 9117d1711d80e4cf9888c7a21ba887cb203b291c (diff)
download: crosshatch-sepolicy-2a5a8e5fe94c2fdf853b73b95b064f2806cba150.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/vendor/google/fastbootd.te b/vendor/google/fastbootd.te
index 505f26d..2488ddf 100644
--- a/vendor/google/fastbootd.te
+++ b/vendor/google/fastbootd.te
@@ -6,6 +6,7 @@ recovery_only(`
 
   allow fastbootd devinfo_block_device:blk_file r_file_perms;
   allow fastbootd sysfs_leds:file w_file_perms;
+  allow fastbootd citadel_device:chr_file rw_file_perms;
   userdebug_or_eng(`
     allow fastbootd firmware_file:dir { remove_name rmdir search write };
     allow fastbootd firmware_file:{ file lnk_file } unlink;
author	josephjang <josephjang@google.com>	2020-09-17 16:50:48 +0800
committer	josephjang <josephjang@google.com>	2020-09-17 16:50:48 +0800
commit	2a5a8e5fe94c2fdf853b73b95b064f2806cba150 (patch)
tree	bd2c42ab01903c59e88f5353a8f3595df19167d4
parent	9117d1711d80e4cf9888c7a21ba887cb203b291c (diff)
download	crosshatch-sepolicy-2a5a8e5fe94c2fdf853b73b95b064f2806cba150.tar.gz