diff options
| author | Yu Ning <yu.ning@intel.com> | 2015-05-18 14:52:22 +0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-05-18 09:55:07 -0700 |
| commit | e9ec053e992a2cce6e0688ad1711b015372c24ae (patch) | |
| tree | 805bded3aac2827f917dcc6be697ed43dfea2099 /target/board | |
| parent | 09ee0a4252dbfd811f8345ab095c95ab78a1595f (diff) | |
| download | build-e9ec053e992a2cce6e0688ad1711b015372c24ae.zip build-e9ec053e992a2cce6e0688ad1711b015372c24ae.tar.gz build-e9ec053e992a2cce6e0688ad1711b015372c24ae.tar.bz2 | |
Label /dev/ttyGF* as serial_device
In goldfish kernel 3.10, the goldfish_tty device instantiates virtual
serial ports as /dev/ttyGF* (e.g. /dev/ttyGF0), not as /dev/ttyS* as in
goldfish kernel 3.4. However, in the emulator's SELinux security policy,
there is no specific security context assigned to /dev/ttyGF*, and the
one inherited from /dev (u:object_r:device:s0) prevents services such as
qemud and goldfish-logcat from reading and writing ttyGF*. Consequently,
qemud terminates abnormally on the classic x86_64 emulator:
init: Service 'qemud' (pid XXX) exited with status 1
Fix this issue by assigning /dev/ttyGF* the same security context as
/dev/ttyS*.
(cherrypicked from commit 478346792282aba990111d736ba9928c616f9eb6)
Change-Id: Ia7394dc217bd82f566c4d1b7eda3cc8ce3ac612f
Signed-off-by: Yu Ning <yu.ning@intel.com>
Diffstat (limited to 'target/board')
| -rw-r--r-- | target/board/generic/sepolicy/file_contexts | 1 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/goldfish_logcat.te | 2 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/qemud.te | 2 |
3 files changed, 3 insertions, 2 deletions
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts index cd46260..d057dc3 100644 --- a/target/board/generic/sepolicy/file_contexts +++ b/target/board/generic/sepolicy/file_contexts @@ -4,6 +4,7 @@ /dev/goldfish_pipe u:object_r:qemu_device:s0 /dev/qemu_.* u:object_r:qemu_device:s0 /dev/socket/qemud u:object_r:qemud_socket:s0 +/dev/ttyGF[0-9]* u:object_r:serial_device:s0 /system/bin/qemud u:object_r:qemud_exec:s0 /sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0 /system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0 diff --git a/target/board/generic/sepolicy/goldfish_logcat.te b/target/board/generic/sepolicy/goldfish_logcat.te index a785355..f820c2a 100644 --- a/target/board/generic/sepolicy/goldfish_logcat.te +++ b/target/board/generic/sepolicy/goldfish_logcat.te @@ -6,5 +6,5 @@ domain_auto_trans(init, logcat_exec, goldfish_logcat) # Read from logd. read_logd(goldfish_logcat) -# Write to /dev/ttyS2 +# Write to /dev/ttyS2 and /dev/ttyGF2. allow goldfish_logcat serial_device:chr_file { write open }; diff --git a/target/board/generic/sepolicy/qemud.te b/target/board/generic/sepolicy/qemud.te index 41f2065..eee21c4 100644 --- a/target/board/generic/sepolicy/qemud.te +++ b/target/board/generic/sepolicy/qemud.te @@ -4,5 +4,5 @@ type qemud_exec, exec_type, file_type; init_daemon_domain(qemud) -# Access /dev/ttyS1. +# Access /dev/ttyS1 and /dev/ttyGF1. allow qemud serial_device:chr_file rw_file_perms; |