Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 65b5858a authored Mar 20, 2025 by Todd Frederick

storaged: Fix SELinux denial with debugfs_mmc

Clean up init script control file usage that was removed years ago as
part of b/36228467, which resolves an SELinux denial:

avc: denied { read } for comm="storaged" path="/sys/kernel/debug/mmc0/mmc0:0001/ext_csd" dev="debugfs" ino=16785 scontext=u:r:storaged:s0 tcontext=u:object_r:debugfs_mmc:s0 tclass=file permissive=0

Also fix include ordering.

Bug: 279649316
Test: Check for denial on boot
Flag: EXEMPT bugfix
Change-Id: Idb78fb67c929c6875497a8b768326b65a47c7dfc

parent 8aa1774b

storaged/main.cpp

+3 −4

Original line number	Diff line number	Diff line
		@@ -25,13 +25,12 @@
		#include <sys/types.h>
		#include <vector>

		#include <android-base/macros.h>
		#include <android-base/logging.h>
		#include <android-base/macros.h>
		#include <android-base/stringprintf.h>
		#include <binder/ProcessState.h>
		#include <binder/IServiceManager.h>
		#include <binder/IPCThreadState.h>
		#include <cutils/android_get_control_file.h>
		#include <binder/IServiceManager.h>
		#include <binder/ProcessState.h>
		#include <cutils/sched_policy.h>
		#include <private/android_filesystem_config.h>

storaged/storaged.rc

+0 −1

Original line number	Diff line number	Diff line
		@@ -2,7 +2,6 @@ service storaged /system/bin/storaged
		class main
		capabilities DAC_READ_SEARCH
		priority 10
		file /d/mmc0/mmc0:0001/ext_csd r
		task_profiles ServiceCapacityLow
		user root
		group package_info