Skip to content

Commit

Permalink
devices:Add genfscon context for functionfs to mount
Browse files Browse the repository at this point in the history 
When start up adbd by adb initscript, there's a command like:
mount -o uid=2000,gid=2000 -t functionfs adb /dev/usb-ffs/adb

will cause below deny because lack of functionfs related contexts.

avc:  denied  { mount } for  pid=346 comm="mount" name="/"
dev="functionfs" ino=17700 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1

Signed-off-by: Kai Meng <[email protected]>
  • Loading branch information
@quic-kmeng
quic-kmeng committed Jan 4, 2024
1 parent d7d4128 commit 76951aa
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/kernel/devices.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -360,6 +360,7 @@ files_mountpoint(usbfs_t)
fs_pseudo_type(usbfs_t)
genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0)
genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
genfscon functionfs / gen_context(system_u:object_r:usbfs_t,s0)

#
# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
Expand Down

0 comments on commit 76951aa

Please sign in to comment.