From b20966f803e18c4cfbeb46af784fc2a553dd21b2 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 18 Mar 2014 15:17:35 -0700
Subject: Allow shell serial_device read-write access

When starting the emulator, the system console writes entries
to /dev/ttyS2. We need to allow the writes, otherwise this generates
denials when you run "emulator -verbose -logcat '*:v' -show-kernel"

Addresses the following denial:
type=1400 audit(1395076594.320:446): avc:  denied  { read write } for  pid=5600 comm="sh" path="/dev/ttyS2" dev="tmpfs" ino=1487 scontext=u:r:shell:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file

Bug: 13506702
Change-Id: I3729537cabb0bf8e8b2905d3def43a293bb1081f
---
 target/board/generic/BoardConfig.mk        | 1 +
 target/board/generic/sepolicy/shell.te     | 1 +
 target/board/generic_mips/BoardConfig.mk   | 1 +
 target/board/generic_x86/BoardConfig.mk    | 1 +
 target/board/generic_x86/sepolicy/shell.te | 1 +
 5 files changed, 5 insertions(+)
 create mode 100644 target/board/generic/sepolicy/shell.te
 create mode 100644 target/board/generic_x86/sepolicy/shell.te

(limited to 'target')

diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index 53a5512..c672be8 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -86,5 +86,6 @@ BOARD_SEPOLICY_UNION += \
         mediaserver.te \
         qemud.te \
         rild.te \
+        shell.te \
         surfaceflinger.te \
         system_server.te
diff --git a/target/board/generic/sepolicy/shell.te b/target/board/generic/sepolicy/shell.te
new file mode 100644
index 0000000..b246d7e
--- /dev/null
+++ b/target/board/generic/sepolicy/shell.te
@@ -0,0 +1 @@
+allow shell serial_device:chr_file rw_file_perms;
diff --git a/target/board/generic_mips/BoardConfig.mk b/target/board/generic_mips/BoardConfig.mk
index 85bf7d7..6d222e6 100644
--- a/target/board/generic_mips/BoardConfig.mk
+++ b/target/board/generic_mips/BoardConfig.mk
@@ -68,5 +68,6 @@ BOARD_SEPOLICY_UNION += \
         mediaserver.te \
         qemud.te \
         rild.te \
+        shell.te \
         surfaceflinger.te \
         system_server.te
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index a34804a..db89582 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -54,5 +54,6 @@ BOARD_SEPOLICY_UNION += \
         mediaserver.te \
         qemud.te \
         rild.te \
+        shell.te \
         system_server.te \
         zygote.te
diff --git a/target/board/generic_x86/sepolicy/shell.te b/target/board/generic_x86/sepolicy/shell.te
new file mode 100644
index 0000000..b246d7e
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/shell.te
@@ -0,0 +1 @@
+allow shell serial_device:chr_file rw_file_perms;
-- 
cgit v1.1