label /sys/kernel/debug/tracing and remove debugfs write Start labeling the directory /sys/kernel/debug/tracing. The files in this directory need to be writable to the shell user. Remove global debugfs:file write access. This was added in the days before we could label individual debugfs files. Change-Id: I79c1fcb63b4b9b903dcabd99b6b25e201fe540a3

commit: fe12b61642a0013e04848b399e59d310926c796f [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon Dec 14 13:57:26 2015 -0800
committer: Nick Kralevich <nnk@google.com> Mon Dec 14 13:57:26 2015 -0800
tree: 465f71d9ef6204c6739cbd20c5f49883ebdf81ff
parent: a9bf9954259389bb84579d34fa6d4878e5b9cd45 [diff] [blame]
diff --git a/file_contexts b/file_contexts
index a548767..76d5145 100644
--- a/file_contexts
+++ b/file_contexts

@@ -330,6 +330,7 @@
 #############################
 # debugfs files
 #
+/sys/kernel/debug/tracing(/.*)?          u:object_r:debugfs_tracing:s0
 /sys/kernel/debug/tracing/trace_marker   u:object_r:debugfs_trace_marker:s0
 
 #############################
commit	fe12b61642a0013e04848b399e59d310926c796f	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon Dec 14 13:57:26 2015 -0800
committer	Nick Kralevich <nnk@google.com>	Mon Dec 14 13:57:26 2015 -0800
tree	465f71d9ef6204c6739cbd20c5f49883ebdf81ff
parent	a9bf9954259389bb84579d34fa6d4878e5b9cd45 [diff] [blame]