universal7580: sepolicy: correct sswap sysfs node labelling

author Danny Wood <danwood76@gmail.com>

Fri, 29 Nov 2019 11:42:54 +0000 (11:42 +0000)

committer Danny Wood <danwood76@gmail.com>

Tue, 10 Mar 2020 15:25:57 +0000 (15:25 +0000)
author Danny Wood <danwood76@gmail.com>
Fri, 29 Nov 2019 11:42:54 +0000 (11:42 +0000)
committer Danny Wood <danwood76@gmail.com>
Tue, 10 Mar 2020 15:25:57 +0000 (15:25 +0000)
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts

index 734b8eb03dc459fcee7faefd959a25fd9a7abad9..3d7ffdad43b228c8fb167057222b9bc40e8367f6 100644 (file)
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -63,9 +63,7 @@ genfscon sysfs /class/input_booster/head    u:object_r:sysfs_input:s0
  genfscon sysfs /class/input_booster/tail    u:object_r:sysfs_input:s0
  
  # Swap
-genfscon sysfs /devices/virtual/block/vnswap0/disksize              u:object_r:sysfs_sswap:s0
-genfscon sysfs /devices/virtual/block/vnswap0/swap_filename         u:object_r:sysfs_sswap:s0
-genfscon sysfs /devices/virtual/block/vnswap0/init_backing_storage  u:object_r:sysfs_sswap:s0
+genfscon sysfs /devices/virtual/block/vnswap0   u:object_r:sysfs_sswap:s0
  
  # CPU/Scheduler devices
  genfscon sysfs /power/cpufreq_table         u:object_r:sysfs_devices_system_cpu:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te

index 4c0d72007768138b89bc61553a6e1276847cfd3f..6a35a07cafa48e036ea6af23b460d13170753080 100644 (file)
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -49,6 +49,10 @@ allow init sysfs_gps:file setattr;
  # CPU permissions
  allow init sysfs_devices_system_cpu:file rw_file_perms;
  
+# sswap permissions
+allow init sswap_device:blk_file write;
+allow init sysfs_sswap:file { open write };
+
  # Block device sysfs
  allow init sysfs_block:file rw_file_perms;
  
diff --git a/sepolicy/sswap.te b/sepolicy/sswap.te

index f5a7a70a45b9d05d09e9c0a5d670d62fd478049e..41fefb8fac5e4c81e2f516126ad2a36dddd67d48 100644 (file)
--- a/sepolicy/sswap.te
+++ b/sepolicy/sswap.te
@@ -6,10 +6,10 @@ init_daemon_domain(sswap);
  
  allow sswap sswap_device:blk_file rw_file_perms;
  allow sswap sysfs_sswap:file rw_file_perms;
+allow sswap sysfs_sswap:dir search;
  allow sswap block_device:dir search;
  allow sswap self:capability sys_admin;
  
-allow sswap proc:file r_file_perms;
  allow sswap proc_meminfo:file r_file_perms;
  
  allow sswap properties_device:dir r_dir_perms;
author	Danny Wood <danwood76@gmail.com>
	Fri, 29 Nov 2019 11:42:54 +0000 (11:42 +0000)
committer	Danny Wood <danwood76@gmail.com>
	Tue, 10 Mar 2020 15:25:57 +0000 (15:25 +0000)
sepolicy/genfs_contexts		patch \| blob \| blame \| history
sepolicy/init.te		patch \| blob \| blame \| history
sepolicy/sswap.te		patch \| blob \| blame \| history