Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / 8188830eeb3501bf650afaf50e61d08d47a01c34
commit8188830eeb3501bf650afaf50e61d08d47a01c34[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Tue Mar 31 18:10:19 2015 -0700
committerJeff Sharkey <jsharkey@android.com>Wed Apr 01 09:29:10 2015 -0700
tree837a61a8a89bdcb6d99f17bd4e30493d6d7b5c5f
parent5a5b364c54bbeb2ac032dac18e378370bd35fb45 [diff]
sgdisk: devpts and reload partition tables.

Add rules to let sgdisk read/write to pts when forked from vold.

avc: denied { read write } for path="/dev/pts/14" dev="devpts" ino=17 scontext=u:r:sgdisk:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0

Also add rule to let it kick kernel to reload partition tables after
we finish editing them.  Without this capability, it leaves this
message and violation:

Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.

avc: denied { sys_admin } for capability=21 scontext=u:r:sgdisk:s0 tcontext=u:r:sgdisk:s0 tclass=capability permissive=0

Change-Id: If26a40f9fd3b1ab2c50156ae8bdb128676521b57
1 file changed
tree: 837a61a8a89bdcb6d99f17bd4e30493d6d7b5c5f
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. blkid.te
  9. bluetooth.te
  10. bootanim.te
  11. clatd.te
  12. debuggerd.te
  13. device.te
  14. dex2oat.te
  15. dhcp.te
  16. dnsmasq.te
  17. domain.te
  18. drmserver.te
  19. dumpstate.te
  20. file.te
  21. file_contexts
  22. fs_use
  23. fsck.te
  24. genfs_contexts
  25. global_macros
  26. gpsd.te
  27. hci_attach.te
  28. healthd.te
  29. hostapd.te
  30. init.te
  31. initial_sid_contexts
  32. initial_sids
  33. inputflinger.te
  34. install_recovery.te
  35. installd.te
  36. isolated_app.te
  37. kernel.te
  38. keys.conf
  39. keystore.te
  40. lmkd.te
  41. logd.te
  42. mac_permissions.xml
  43. mdnsd.te
  44. mediaserver.te
  45. mls
  46. mls_macros
  47. mtp.te
  48. net.te
  49. netd.te
  50. neverallow_macros
  51. nfc.te
  52. NOTICE
  53. platform_app.te
  54. policy_capabilities
  55. port_contexts
  56. ppp.te
  57. procrank.te
  58. property.te
  59. property_contexts
  60. racoon.te
  61. radio.te
  62. README
  63. recovery.te
  64. rild.te
  65. roles
  66. runas.te
  67. sdcardd.te
  68. seapp_contexts
  69. security_classes
  70. service.te
  71. service_contexts
  72. servicemanager.te
  73. sgdisk.te
  74. shared_relro.te
  75. shell.te
  76. slideshow.te
  77. su.te
  78. surfaceflinger.te
  79. system_app.te
  80. system_server.te
  81. te_macros
  82. tee.te
  83. toolbox.te
  84. ueventd.te
  85. uncrypt.te
  86. untrusted_app.te
  87. users
  88. vdc.te
  89. vold.te
  90. vold_fsck.te
  91. watchdogd.te
  92. wpa.te
  93. zygote.te