Hi Guys,
I am facing the below avc denial while enabling zram.
avc: denied { getattr } for pid=7545 comm="e2fsck" path="/dev/block/zram0"
dev="tmpfs" ino=11973 scontext=u:r:fsck:s0
tcontext=u:object_r:swap_block_device:s0 tclass=blk_file permissive=0
I have labelled dev/block/zram0 as swap_block_device
Also I have an entry in the fstab :
/dev/block/zram0 none swap defaults
zramsize=536870912
But due to neverallow rule in fsck.te the above permission cannot be granted.
# fsck should never be run on these block devices
neverallow fsck {
boot_block_device
frp_block_device
metadata_block_device
recovery_block_device
root_block_device
swap_block_device
system_block_device
vold_device
}:blk_file no_rw_file_perms;
So I think we have to remove swap_block_device from the neverallow. Any
suggestions??
Thanks.
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may
contain
confidential information. Any unauthorized review, use, disclosure or
distribution
is prohibited. If you are not the intended recipient, please contact the
sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.
