summaryrefslogtreecommitdiffstats
path: root/target
diff options
context:
space:
mode:
authorYu Ning <yu.ning@intel.com>2015-05-15 00:00:35 +0800
committerdcashman <dcashman@google.com>2015-05-15 07:44:28 -0700
commitb23b5cc4a423848284bd05e2a263ae00cdedd68e (patch)
tree571f324e82803a783527ce7173c21f1f7eb6afa6 /target
parentf9f9c3f31e85a96aeb13af065d8eb8dbf33dd05c (diff)
downloadbuild-b23b5cc4a423848284bd05e2a263ae00cdedd68e.zip
build-b23b5cc4a423848284bd05e2a263ae00cdedd68e.tar.gz
build-b23b5cc4a423848284bd05e2a263ae00cdedd68e.tar.bz2
Label /dev/goldfish_pipe as qemu_device
In goldfish kernel 3.10, qemu_pipe has been renamed to goldfish_pipe. However, in the emulator's SELinux policy, there is no specific security context assigned to /dev/goldfish_pipe, and the one inherited from /dev (u:object_r:device:s0) prevents various processes (qemud, qemu-props, etc.) from reading and writing goldfish_pipe. Consequently, the classic x86_64 emulator will not boot if GPU emulation is enabled ("-gpu host"), and does not render the UI correctly if launched with "-gpu off". Fix this issue by assigning /dev/goldfish_pipe the same security context as /dev/qemu_pipe. This CL also benefits the new ("ranchu") emulator, where all supported ABIs (arm64, mips64, x86 and x86_64) use 3.10-based kernels. Without this fix, the new emulator boots and works, but there are avc denials related to goldfish_pipe. Last but not least, it is now possible to boot the classic x86 emulator with a 3.10-based kernel instead of the current 3.4-based one, without disabling SELinux. (cherry-pick of commit: a5053e6b35fa1188d94a851a3032126141e5c87f) Change-Id: I52e75c94d3ae3758cbbf5bc0e1d84254fdf5c6cb Signed-off-by: Yu Ning <yu.ning@intel.com>
Diffstat (limited to 'target')
-rw-r--r--target/board/generic/sepolicy/file_contexts1
1 files changed, 1 insertions, 0 deletions
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index 444a47f..cd46260 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -1,6 +1,7 @@
/dev/block/mtdblock0 u:object_r:system_block_device:s0
/dev/block/mtdblock1 u:object_r:userdata_block_device:s0
/dev/block/mtdblock2 u:object_r:cache_block_device:s0
+/dev/goldfish_pipe u:object_r:qemu_device:s0
/dev/qemu_.* u:object_r:qemu_device:s0
/dev/socket/qemud u:object_r:qemud_socket:s0
/system/bin/qemud u:object_r:qemud_exec:s0