Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / device / asus / grouper / 7b97740f1d9d3bd4852e370e4c59f748b2f24360
commit7b97740f1d9d3bd4852e370e4c59f748b2f24360[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Mon Jan 13 09:01:43 2014 -0500
committerStephen Smalley <sds@tycho.nsa.gov>Mon Jan 13 09:01:43 2014 -0500
treedfe6ed0a2e6bddbf0bedc1adf889f6de72cf756d
parent799c9569f3720836ea6441a215a28454c14e67b3 [diff]
Allow access to sysfs files.

Due to a bug in Linux < 3.3, sysfs inodes can lose a security context
set via setfilecon/setxattr and revert to the base sysfs type if the
security context is set before setting owner or mode on the inode and
the inode is later evicted from memory and subsequently refreshed.
This was fixed in mainline Linux by commit
93518dd2ebafcc761a8637b2877008cfd748c202.

As a workaround, allow any domain that can write to any sysfs type
to also write to the base sysfs type in the grouper sepolicy and
anything that inherits from it.

Change-Id: I14b0530387edce1097387223f0def9b59e4292e0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
5 files changed
tree: dfe6ed0a2e6bddbf0bedc1adf889f6de72cf756d
  1. audio/
  2. bluetooth/
  3. dumpstate/
  4. factory-images/
  5. keymaster/
  6. liblights/
  7. nfc/
  8. overlay/
  9. power/
  10. recovery/
  11. self-extractors/
  12. sepolicy/
  13. Android.mk
  14. AndroidProducts.mk
  15. aosp_grouper.mk
  16. audio_policy.conf
  17. board-info.txt
  18. BoardConfig.mk
  19. BoardConfigCommon.mk
  20. CleanSpec.mk
  21. device-common.mk
  22. device.mk
  23. egl.cfg
  24. elan-touchscreen.idc
  25. fstab.grouper
  26. full_grouper.mk
  27. gpio-keys.kl
  28. gps.conf
  29. init.grouper.rc
  30. init.grouper.usb.rc
  31. kernel
  32. media_codecs.xml
  33. media_profiles.xml
  34. mixer_paths.xml
  35. nfcee_access.xml
  36. nfcee_access_debug.xml
  37. proprietary-blobs.txt
  38. raydium_ts.idc
  39. releasetools.py
  40. sensor00fn11.idc
  41. system.prop
  42. ueventd.grouper.rc
  43. vendorsetup.sh