logpersist /dev directory permissions

avc: denied { read } for name="/" dev="tmpfs" ino=7541 scontext=u:r:logpersist:s0 tcontext=u:object_r:device:s0 tclass=dir permissive=0 Bug: 129497117 Test: boot cuttlefish without above denial Change-Id: Ieb17adf1efadd62fc72a07c938d778e70a1c3bd9 Merged-In: Ieb17adf1efadd62fc72a07c938d778e70a1c3bd9 (cherry picked from commit 91675acdc807f85c5f24bcb5fd36bc19b48dcda6)
author: Tri Vo <trong@google.com> 2019-04-12 12:11:30 -0700
committer: Tri Vo <trong@google.com> 2019-05-08 15:49:29 -0700
commit: 4c0e1e9fafe22a9fbf6a522a6976a64e90cd39a6 (patch)
tree: 91871c1c077c73ca877d3fa6b761008d4d8f8ac1
parent: ff03a1b7aa1c18415175a2936aaacba34b422b38 (diff)
download: cuttlefish-4c0e1e9fafe22a9fbf6a522a6976a64e90cd39a6.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/shared/sepolicy/logpersist.te b/shared/sepolicy/logpersist.te
index f7fe15100..22e6da5c6 100644
--- a/shared/sepolicy/logpersist.te
+++ b/shared/sepolicy/logpersist.te
@@ -1,5 +1,6 @@
 # Output to virtual serial console. Needed because seriallogging daemon
 # runs logcat and directs its output to vportXpY or cf_logcat_pipe under
 # the /dev filesystem.
+allow logpersist device:dir r_dir_perms;
 allow logpersist device:fifo_file ra_file_perms;
 allow logpersist virtual_serial_device:chr_file ra_file_perms;
author	Tri Vo <trong@google.com>	2019-04-12 12:11:30 -0700
committer	Tri Vo <trong@google.com>	2019-05-08 15:49:29 -0700
commit	4c0e1e9fafe22a9fbf6a522a6976a64e90cd39a6 (patch)
tree	91871c1c077c73ca877d3fa6b761008d4d8f8ac1
parent	ff03a1b7aa1c18415175a2936aaacba34b422b38 (diff)
download	cuttlefish-4c0e1e9fafe22a9fbf6a522a6976a64e90cd39a6.tar.gz