summaryrefslogtreecommitdiffstats
path: root/target/board
diff options
context:
space:
mode:
authorYu Ning <yu.ning@intel.com>2015-05-18 14:52:22 +0800
committerNick Kralevich <nnk@google.com>2015-05-18 09:55:07 -0700
commite9ec053e992a2cce6e0688ad1711b015372c24ae (patch)
tree805bded3aac2827f917dcc6be697ed43dfea2099 /target/board
parent09ee0a4252dbfd811f8345ab095c95ab78a1595f (diff)
downloadbuild-e9ec053e992a2cce6e0688ad1711b015372c24ae.zip
build-e9ec053e992a2cce6e0688ad1711b015372c24ae.tar.gz
build-e9ec053e992a2cce6e0688ad1711b015372c24ae.tar.bz2
Label /dev/ttyGF* as serial_device
In goldfish kernel 3.10, the goldfish_tty device instantiates virtual serial ports as /dev/ttyGF* (e.g. /dev/ttyGF0), not as /dev/ttyS* as in goldfish kernel 3.4. However, in the emulator's SELinux security policy, there is no specific security context assigned to /dev/ttyGF*, and the one inherited from /dev (u:object_r:device:s0) prevents services such as qemud and goldfish-logcat from reading and writing ttyGF*. Consequently, qemud terminates abnormally on the classic x86_64 emulator: init: Service 'qemud' (pid XXX) exited with status 1 Fix this issue by assigning /dev/ttyGF* the same security context as /dev/ttyS*. (cherrypicked from commit 478346792282aba990111d736ba9928c616f9eb6) Change-Id: Ia7394dc217bd82f566c4d1b7eda3cc8ce3ac612f Signed-off-by: Yu Ning <yu.ning@intel.com>
Diffstat (limited to 'target/board')
-rw-r--r--target/board/generic/sepolicy/file_contexts1
-rw-r--r--target/board/generic/sepolicy/goldfish_logcat.te2
-rw-r--r--target/board/generic/sepolicy/qemud.te2
3 files changed, 3 insertions, 2 deletions
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index cd46260..d057dc3 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -4,6 +4,7 @@
/dev/goldfish_pipe u:object_r:qemu_device:s0
/dev/qemu_.* u:object_r:qemu_device:s0
/dev/socket/qemud u:object_r:qemud_socket:s0
+/dev/ttyGF[0-9]* u:object_r:serial_device:s0
/system/bin/qemud u:object_r:qemud_exec:s0
/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
/system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0
diff --git a/target/board/generic/sepolicy/goldfish_logcat.te b/target/board/generic/sepolicy/goldfish_logcat.te
index a785355..f820c2a 100644
--- a/target/board/generic/sepolicy/goldfish_logcat.te
+++ b/target/board/generic/sepolicy/goldfish_logcat.te
@@ -6,5 +6,5 @@ domain_auto_trans(init, logcat_exec, goldfish_logcat)
# Read from logd.
read_logd(goldfish_logcat)
-# Write to /dev/ttyS2
+# Write to /dev/ttyS2 and /dev/ttyGF2.
allow goldfish_logcat serial_device:chr_file { write open };
diff --git a/target/board/generic/sepolicy/qemud.te b/target/board/generic/sepolicy/qemud.te
index 41f2065..eee21c4 100644
--- a/target/board/generic/sepolicy/qemud.te
+++ b/target/board/generic/sepolicy/qemud.te
@@ -4,5 +4,5 @@ type qemud_exec, exec_type, file_type;
init_daemon_domain(qemud)
-# Access /dev/ttyS1.
+# Access /dev/ttyS1 and /dev/ttyGF1.
allow qemud serial_device:chr_file rw_file_perms;