Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e1695914 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

restorecon_recursive /cache 

Make sure all files / directories within /cache are properly
labeled, not just the directory itself.

Addresses the following denial:

  type=1400 audit(0.0:26): avc: denied { getattr } for comm="Thread-85" path="/cache/lost+found" dev="mmcblk0p27" ino=11 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir

Change-Id: I5937b30043efeb696ffaa77258b7294d20d1494e
parent 6e141aea

rootdir/init.rc

+1 −3
Original line number Original line Diff line number Diff line
@@ -189,13 +189,11 @@ on post-fs 
    chown system cache /cache

    chown system cache /cache

    chmod 0770 /cache

    chmod 0770 /cache

    # We restorecon /cache in case the cache partition has been reset.

    # We restorecon /cache in case the cache partition has been reset.

    restorecon /cache

    restorecon_recursive /cache





    # This may have been created by the recovery system with odd permissions

    # This may have been created by the recovery system with odd permissions

    chown system cache /cache/recovery

    chown system cache /cache/recovery

    chmod 0770 /cache/recovery

    chmod 0770 /cache/recovery

    # This may have been created by the recovery system with the wrong context.

    restorecon /cache/recovery





    #change permissions on vmallocinfo so we can grab it from bugreports

    #change permissions on vmallocinfo so we can grab it from bugreports

    chown root log /proc/vmallocinfo

    chown root log /proc/vmallocinfo