allow toolbox block_device:dir search needed to get to the swap device. Addresses the following denial: avc: denied { search } for pid=149 comm="mkswap" name="block" dev="tmpfs" ino=9947 scontext=u:r:toolbox:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0 Change-Id: I0c897540f1c7950738622a013121a050a1f32b2f

commit: 0bc6c80f51b4a8a17756dfe0acd221e046cfecd8 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Dec 19 17:21:52 2014 -0800
committer: Nick Kralevich <nnk@google.com> Fri Dec 19 17:21:52 2014 -0800
tree: f8e8c6f94253f23732020d8fd6f30082209f08f2
parent: d94b78c908eafb9c57b17d8ad31842df5a0139a9 [diff] [blame]
diff --git a/toolbox.te b/toolbox.te
index 1056756..6856606 100644
--- a/toolbox.te
+++ b/toolbox.te

@@ -18,6 +18,7 @@
 # Read/write block devices used for swap partitions.
 # Assign swap_block_device type any such partition in your
 # device/<vendor>/<product>/sepolicy/file_contexts file.
+allow toolbox block_device:dir search;
 allow toolbox swap_block_device:blk_file rw_file_perms;
 
 # Only allow entry from init via the toolbox binary.
commit	0bc6c80f51b4a8a17756dfe0acd221e046cfecd8	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Dec 19 17:21:52 2014 -0800
committer	Nick Kralevich <nnk@google.com>	Fri Dec 19 17:21:52 2014 -0800
tree	f8e8c6f94253f23732020d8fd6f30082209f08f2
parent	d94b78c908eafb9c57b17d8ad31842df5a0139a9 [diff] [blame]