From e96a14a9d273783ee66f375ace010de24c77f69e Mon Sep 17 00:00:00 2001 From: David Anderson Date: Tue, 11 Jul 2023 09:41:52 -0700 Subject: [PATCH] Allow fastbootd to flash dtbo. This line is copied from gs101-sepolicy, and fixes the following denial: audit: type=1400 audit(1689093038.396:14): avc: denied { write } for pid=409 comm="fastbootd" name="sda24" dev="tmpfs" ino=493 scontext=u:r:fastbootd:s0 tcontext=u:object_r:custom_ab_block_device:s0 tclass=blk_file permissive=0 Bug: N/A Test: fastboot flashall in fastbootd Change-Id: I765aedeb204cc862434a56a97f242640465f84b8 --- whitechapel_pro/fastbootd.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel_pro/fastbootd.te b/whitechapel_pro/fastbootd.te index 5945ef24..867eda14 100644 --- a/whitechapel_pro/fastbootd.te +++ b/whitechapel_pro/fastbootd.te @@ -5,4 +5,5 @@ allow fastbootd sda_block_device:blk_file rw_file_perms; allow fastbootd sysfs_ota:file rw_file_perms; allow fastbootd citadel_device:chr_file rw_file_perms; allow fastbootd st54spi_device:chr_file rw_file_perms; +allow fastbootd custom_ab_block_device:blk_file rw_file_perms; ')