authorNick Kralevich <nnk@google.com>2015-01-31 14:56:46 -0800
committerNick Kralevich <nnk@google.com>2015-01-31 15:05:48 -0800
commit7f14924d0209e18fcbc46d3d3beec1241bb0c16c (patch)
tree29f38b33cfbb7a886a4ffb5e0698390570f298c6
parent0e7ddd0a86f8006501afd74463914054abcef353 (diff)
downloadmako-7f14924d0209e18fcbc46d3d3beec1241bb0c16c.tar.gz
Allow init to rm /dev/diag
Commit 69e1ad839d8a89f55eb226a639c760ac09e7135a (AOSP cherrypick 3ac5654c0a144eda4925c70e5c2f275e95c31e7c) ensures that /dev/diag is always removed on boot. Allow for it in SELinux policy. Addresses the following denial: audit(1422745424.741:5): avc: denied { unlink } for pid=1 comm="init" name="diag" dev="tmpfs" ino=8302 scontext=u:r:init:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file Change-Id: If20ae7eb64356c06e94873dec89fc1ca576fe74a
-rw-r--r--BoardConfig.mk1
-rw-r--r--sepolicy/init.te1
2 files changed, 2 insertions, 0 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk
index c8aebdc..e8fa66f 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -112,6 +112,7 @@ BOARD_SEPOLICY_UNION += \
file.te \
file_contexts \
hostapd.te \
+ init.te \
kickstart.te \
mediaserver.te \
mpdecision.te \
diff --git a/sepolicy/init.te b/sepolicy/init.te
new file mode 100644
index 0000000..14f1b92
--- /dev/null
+++ b/sepolicy/init.te
@@ -0,0 +1 @@
+allow init diag_device:chr_file unlink;
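Review bot: The new `allow` rule in sepolicy/init.te has no comment saying why init needs it, so the reason lives only in the commit message. I would add a line above it such as `# init removes /dev/diag at boot; grant unlink only, never open/read/write/ioctl on diag_device.` The grant itself is appropriately narrow, a single permission on `chr_file` that matches the quoted denial exactly. If further denials on this node show up later, they should be examined individually rather than resolved by widening the rule to a macro like `rw_file_perms`.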