Allow phh-su to blockdev --setrw dm partitions to mount / read-write on logical partition devices

2020-06-06 13:13:25 +02:00 · 2020-06-06 13:13:25 +02:00 · 545be46423
parent 2295229a28
commit 545be46423
1 changed files with 3 additions and 1 deletions
--- a/sepolicy/su.te
+++ b/sepolicy/su.te
@ -143,6 +143,8 @@ allow phhsu_daemon domain:process { transition };


 # 05-09 00:05:30.149 18450 18450 W lprename: type=1400 audit(0.0:40923): avc: denied { ioctl } for path="/dev/block/sda25" dev="tmpfs" ino=19441 ioctlcmd=0x1278 scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:super_block_device:s0 tclass=blk_file permissive=0
+# 06-06 12:59:53.775 30150 30150 I auditd  : type=1400 audit(0.0:35585): avc: denied { ioctl } for comm="blockdev" path="/dev/block/dm-3" dev="tmpfs" ino=12687 ioctlcmd=0x125d scontext=u:r:phhsu_daemon:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0

 allowxperm phhsu_daemon { file_type block_device }:blk_file ioctl { 0-0xffff };
-allowxperm phhsu_daemon super_block_device:blk_file ioctl { 0x1278-0x127a };
+allowxperm phhsu_daemon { super_block_device dm_device }:blk_file ioctl { 0x1278-0x127a 0x125d };
+