author | Yu Ning <yu.ning@intel.com> | 2015-05-15 00:00:35 +0800 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-05-15 07:44:28 -0700 |
commit | b23b5cc4a423848284bd05e2a263ae00cdedd68e (patch) | |
tree | 571f324e82803a783527ce7173c21f1f7eb6afa6 /target | |
parent | f9f9c3f31e85a96aeb13af065d8eb8dbf33dd05c (diff) | |
Label /dev/goldfish_pipe as qemu_device

In goldfish kernel 3.10, qemu_pipe has been renamed to goldfish_pipe.
However, in the emulator's SELinux policy, there is no specific security
context assigned to /dev/goldfish_pipe, and the one inherited from /dev
(u:object_r:device:s0) prevents various processes (qemud, qemu-props,
etc.) from reading and writing goldfish_pipe. Consequently, the classic
x86_64 emulator will not boot if GPU emulation is enabled ("-gpu host"),
and does not render the UI correctly if launched with "-gpu off".

Fix this issue by assigning /dev/goldfish_pipe the same security context
as /dev/qemu_pipe.

This CL also benefits the new ("ranchu") emulator, where all supported
ABIs (arm64, mips64, x86 and x86_64) use 3.10-based kernels. Without
this fix, the new emulator boots and works, but there are avc denials
related to goldfish_pipe.

Last but not least, it is now possible to boot the classic x86 emulator
with a 3.10-based kernel instead of the current 3.4-based one, without
disabling SELinux.

(cherry-pick of commit: a5053e6b35fa1188d94a851a3032126141e5c87f)

Change-Id: I52e75c94d3ae3758cbbf5bc0e1d84254fdf5c6cb
Signed-off-by: Yu Ning <yu.ning@intel.com>
Diffstat (limited to 'target')
-rw-r--r-- | target/board/generic/sepolicy/file_contexts | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts index 444a47f..cd46260 100644 --- a/target/board/generic/sepolicy/file_contexts +++ b/target/board/generic/sepolicy/file_contexts @@ -1,6 +1,7 @@ /dev/block/mtdblock0 u:object_r:system_block_device:s0 /dev/block/mtdblock1 u:object_r:userdata_block_device:s0 /dev/block/mtdblock2 u:object_r:cache_block_device:s0 +/dev/goldfish_pipe u:object_r:qemu_device:s0 /dev/qemu_.* u:object_r:qemu_device:s0 /dev/socket/qemud u:object_r:qemud_socket:s0 /system/bin/qemud u:object_r:qemud_exec:s0 |
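Review bot: the added `/dev/goldfish_pipe u:object_r:qemu_device:s0` entry in target/board/generic/sepolicy/file_contexts has no comment explaining why a node outside the existing `/dev/qemu_.*` pattern receives the qemu_device type, so a later cleanup could mistake it for a stray entry. Add a short `#` comment above it noting that goldfish kernel 3.10 renamed qemu_pipe to goldfish_pipe. Matching the exact path rather than widening to a `/dev/goldfish_.*` pattern keeps the label on the single node that needs it; keep it exact unless other renamed nodes are shown to need the same type.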