Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / e9ec053e992a2cce6e0688ad1711b015372c24ae^! / .
commite9ec053e992a2cce6e0688ad1711b015372c24ae[log] [tgz]
authorYu Ning <yu.ning@intel.com>Mon May 18 14:52:22 2015 +0800
committerNick Kralevich <nnk@google.com>Mon May 18 09:55:07 2015 -0700
tree805bded3aac2827f917dcc6be697ed43dfea2099
parent09ee0a4252dbfd811f8345ab095c95ab78a1595f [diff]
Label /dev/ttyGF* as serial_device

In goldfish kernel 3.10, the goldfish_tty device instantiates virtual
serial ports as /dev/ttyGF* (e.g. /dev/ttyGF0), not as /dev/ttyS* as in
goldfish kernel 3.4. However, in the emulator's SELinux security policy,
there is no specific security context assigned to /dev/ttyGF*, and the
one inherited from /dev (u:object_r:device:s0) prevents services such as
qemud and goldfish-logcat from reading and writing ttyGF*. Consequently,
qemud terminates abnormally on the classic x86_64 emulator:

 init: Service 'qemud' (pid XXX) exited with status 1

Fix this issue by assigning /dev/ttyGF* the same security context as
/dev/ttyS*.

(cherrypicked from commit 478346792282aba990111d736ba9928c616f9eb6)

Change-Id: Ia7394dc217bd82f566c4d1b7eda3cc8ce3ac612f
Signed-off-by: Yu Ning <yu.ning@intel.com>

diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index cd46260..d057dc3 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts

@@ -4,6 +4,7 @@
 /dev/goldfish_pipe	u:object_r:qemu_device:s0
 /dev/qemu_.*		u:object_r:qemu_device:s0
 /dev/socket/qemud	u:object_r:qemud_socket:s0
+/dev/ttyGF[0-9]*	u:object_r:serial_device:s0
 /system/bin/qemud	u:object_r:qemud_exec:s0
 /sys/qemu_trace(/.*)?	--	u:object_r:sysfs_writable:s0
 /system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0

diff --git a/target/board/generic/sepolicy/goldfish_logcat.te b/target/board/generic/sepolicy/goldfish_logcat.te
index a785355..f820c2a 100644
--- a/target/board/generic/sepolicy/goldfish_logcat.te
+++ b/target/board/generic/sepolicy/goldfish_logcat.te

@@ -6,5 +6,5 @@
 # Read from logd.
 read_logd(goldfish_logcat)
 
-# Write to /dev/ttyS2
+# Write to /dev/ttyS2 and /dev/ttyGF2.
 allow goldfish_logcat serial_device:chr_file { write open };

diff --git a/target/board/generic/sepolicy/qemud.te b/target/board/generic/sepolicy/qemud.te
index 41f2065..eee21c4 100644
--- a/target/board/generic/sepolicy/qemud.te
+++ b/target/board/generic/sepolicy/qemud.te

@@ -4,5 +4,5 @@
 
 init_daemon_domain(qemud)
 
-# Access /dev/ttyS1.
+# Access /dev/ttyS1 and /dev/ttyGF1.
 allow qemud serial_device:chr_file rw_file_perms;