Allow kickstart to read tombstone files.

Address denials such as: avc: denied { getattr } for comm="ks" path="/data/tombstones" dev="mmcblk0p23" ino=225345 scontext=u:r:kickstart:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir Unclear on exactly what accesses are required, but init.mako.rc invokes kickstart with: /system/bin/qcks -i /firmware/image/ -r /data/tombstones/mdm/ Change-Id: Iee68d3c3da688a3caf4b2572dc052cb790e37169 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2014-06-11 10:27:32 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-06-11 10:27:32 -0400
commit: 05d593ccc9ba357a20137781be53d09cc399b32c (patch)
tree: e323d63671e5a39c2aaed420c054c36cfd05ae76 /sepolicy
parent: 8b15fef6ee2caf45be4d9360ec29fc4ef3028220 (diff)
download: mako-05d593ccc9ba357a20137781be53d09cc399b32c.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te
index 287fbc8..79fa620 100644
--- a/sepolicy/kickstart.te
+++ b/sepolicy/kickstart.te
@@ -31,3 +31,7 @@ allow kickstart system_file:file execute_no_trans;
 
 # Wake lock access
 wakelock_use(kickstart)
+
+# Read tombstones
+allow kickstart tombstone_data_file:dir r_dir_perms;
+allow kickstart tombstone_data_file:file r_file_perms;
author	Stephen Smalley <sds@tycho.nsa.gov>	2014-06-11 10:27:32 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	2014-06-11 10:27:32 -0400
commit	05d593ccc9ba357a20137781be53d09cc399b32c (patch)
tree	e323d63671e5a39c2aaed420c054c36cfd05ae76 /sepolicy
parent	8b15fef6ee2caf45be4d9360ec29fc4ef3028220 (diff)
download	mako-05d593ccc9ba357a20137781be53d09cc399b32c.tar.gz