From 05d593ccc9ba357a20137781be53d09cc399b32c Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 11 Jun 2014 10:27:32 -0400
Subject: Allow kickstart to read tombstone files.

Address denials such as:
 avc: denied { getattr } for comm="ks" path="/data/tombstones" dev="mmcblk0p23" ino=225345 scontext=u:r:kickstart:s0 tcontext=u:object_r:tombstone_data_file:s0 tclass=dir

Unclear on exactly what accesses are required, but init.mako.rc invokes
kickstart with:
/system/bin/qcks -i /firmware/image/ -r /data/tombstones/mdm/

Change-Id: Iee68d3c3da688a3caf4b2572dc052cb790e37169
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 sepolicy/kickstart.te | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sepolicy')

diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te
index 287fbc8..79fa620 100644
--- a/sepolicy/kickstart.te
+++ b/sepolicy/kickstart.te
@@ -31,3 +31,7 @@ allow kickstart system_file:file execute_no_trans;
 
 # Wake lock access
 wakelock_use(kickstart)
+
+# Read tombstones
+allow kickstart tombstone_data_file:dir r_dir_perms;
+allow kickstart tombstone_data_file:file r_file_perms;
-- 
cgit v1.2.3