Allow write for restorecon

[ 8345.125689] type=1400 audit(1737841652.160:245): avc: denied { write } for comm="kworker/u16:2" path="/dev/block/sda34" dev="tmpfs" ino=1060 scontext=u:r:kernel:s0 tcontext=u:object_r:userdata_exp_block_device:s0 tclass=blk_file permissive=0 Bug: 361093433 Flag: EXEMPT bugfix Change-Id: Ia03cddd6eebe9b8875bdbd1a8eb3a67f51269032 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2025-01-25 13:50:16 -08:00 · 2025-01-25 13:50:16 -08:00 · b1072785ba
commit b1072785ba
parent 7bd70d06d7
1 changed files with 1 additions and 1 deletions
--- a/storage/sepolicy/kernel.te
+++ b/storage/sepolicy/kernel.te
@ -1,3 +1,3 @@
 # for intelligence service

-allow kernel userdata_exp_block_device:blk_file read;
+allow kernel userdata_exp_block_device:blk_file { read write };