allow init swapon() swapon(2) requires write access to the underlying block device. Allow it. Addresses the following denial: avc: denied { write } for pid=1 comm="init" name="zram0" dev="tmpfs" ino=6267 scontext=u:r:init:s0 tcontext=u:object_r:swap_block_device:s0 tclass=blk_file permissive=0 Change-Id: Id1a4f51038d0b6ce7351294698a0ff146d6e4643

commit: beb279c7ea23abc77641e891a76e9bceb6f38883 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon Oct 20 11:52:19 2014 -0700
committer: Nick Kralevich <nnk@google.com> Mon Oct 20 11:52:19 2014 -0700
tree: 5dd2b6bca4ee5d0c710b12432998d0dcb2072730
parent: 57a17d143405c400bc03b134af5af10959c53d76 [diff] [blame]
diff --git a/init.te b/init.te
index a6fadbd..d12cc23 100644
--- a/init.te
+++ b/init.te

@@ -102,6 +102,10 @@
 # set scheduling parameters for a kernel domain task.
 allow init kernel:process setsched;
 
+# swapon() needs write access to swap device
+# system/core/fs_mgr/fs_mgr.c - fs_mgr_swapon_all
+allow init swap_block_device:blk_file rw_file_perms;
+
 ###
 ### neverallow rules
 ###
commit	beb279c7ea23abc77641e891a76e9bceb6f38883	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon Oct 20 11:52:19 2014 -0700
committer	Nick Kralevich <nnk@google.com>	Mon Oct 20 11:52:19 2014 -0700
tree	5dd2b6bca4ee5d0c710b12432998d0dcb2072730
parent	57a17d143405c400bc03b134af5af10959c53d76 [diff] [blame]