Google Git
Sign in
android / platform / system / sepolicy / a8e0f76c44af41cbdd5e452a976171ffe379d035^! / .
commita8e0f76c44af41cbdd5e452a976171ffe379d035[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Sat Mar 25 21:38:17 2017 -0600
committerJeff Sharkey <jsharkey@android.com>Sat Mar 25 21:39:03 2017 -0600
tree24b1bac9992afe3688040b9316135e5f0a1c59d7
parent5d0c2e417b5dd527ec22faaffe9b8dd28ba4c35e [diff]
Define policy for "loop-control" device.

Per loop(4), this device is the preferred way of allocating new
loop devices since Linux 3.1.

avc: denied { read write } for name="loop-control" dev="tmpfs" ino=15221 scontext=u:r:vold:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 34903607
Change-Id: I1f5f62cf0a1c24c6f6453100004812af4b8e1503

diff --git a/private/file_contexts b/private/file_contexts
index d5cf3f7..bd111b8 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -92,6 +92,7 @@
 /dev/keychord   u:object_r:keychord_device:s0
 /dev/kmem		u:object_r:kmem_device:s0
 /dev/log(/.*)?		u:object_r:log_device:s0
+/dev/loop-control	u:object_r:loop_control_device:s0
 /dev/mem		u:object_r:kmem_device:s0
 /dev/modem.*		u:object_r:radio_device:s0
 /dev/mtd(/.*)?		u:object_r:mtd_device:s0

diff --git a/public/device.te b/public/device.te
index 53414e2..4a3bec9 100644
--- a/public/device.te
+++ b/public/device.te

@@ -12,6 +12,7 @@
 type camera_device, dev_type;
 type dm_device, dev_type;
 type keychord_device, dev_type;
+type loop_control_device, dev_type;
 type loop_device, dev_type;
 type pmsg_device, dev_type, mlstrustedobject;
 type radio_device, dev_type;

diff --git a/public/vold.te b/public/vold.te
index 7e8be29..88de4fd 100644
--- a/public/vold.te
+++ b/public/vold.te

@@ -64,6 +64,7 @@
 allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 allow vold app_data_file:dir search;
 allow vold app_data_file:file rw_file_perms;
+allow vold loop_control_device:chr_file rw_file_perms;
 allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
 allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
 allow vold dm_device:chr_file rw_file_perms;