From 1daa2bf03465c0b8e5279b89a2303f9aa6937079 Mon Sep 17 00:00:00 2001 From: Ivan Vecera Date: Wed, 23 Mar 2022 10:57:42 -0300 Subject: veux: sepolicy: Allow system_app to access zram sysfs nodes 04-22 09:15:37.459 19569 19569 I auditd : type=1400 audit(0.0:570): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0 04-22 09:15:37.459 19569 19569 I auditd : type=1400 audit(0.0:571): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0 --- sepolicy/private/system_app.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 sepolicy/private/system_app.te (limited to 'sepolicy/private') diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te new file mode 100644 index 0000000..5ce4031 --- /dev/null +++ b/sepolicy/private/system_app.te @@ -0,0 +1,2 @@ +allow system_app sysfs_zram:dir search; +allow system_app sysfs_zram:file r_file_perms; \ No newline at end of file -- cgit v1.2.3