On Jan 18, 2016 7:06 PM, "Nick Kralevich" <[email protected]> wrote:
>
> Why do you want to run fsck on a swap device? That makes no sense and should never occur.
> I looked through to see if any code paths would accidentally invoke fsck on swap, but couldn't find anything and we've had no issues ourselves enabling zram swap. I think this must be a local change for you, is that right? If you're explicitly invoking fsck on swap, don't.
>
> -- Nick
>
> On Mon, Jan 18, 2016 at 8:14 AM, Inamdar Sharif <[email protected]> wrote:
>>
>> Hi Guys,
>>
>> I am facing the below avc denial while enabling zram.
>>
>> avc: denied { getattr } for pid=7545 comm="e2fsck" path="/dev/block/zram0" dev="tmpfs" ino=11973 scontext=u:r:fsck:s0 tcontext=u:object_r:swap_block_device:s0 tclass=blk_file permissive=0
>>
>> I have labelled dev/block/zram0 as swap_block_device
>>
>> Also I have an entry in the fstab :
>>
>> /dev/block/zram0 none swap defaults zramsize=536870912
>>
>> But due to neverallow rule in fsck.te the above permission cannot be granted.
>>
>> # fsck should never be run on these block devices
>> neverallow fsck {
>>   boot_block_device
>>   frp_block_device
>>   metadata_block_device
>>   recovery_block_device
>>   root_block_device
>>   swap_block_device
>>   system_block_device
>>   vold_device
>> }:blk_file no_rw_file_perms;
>>
>> So I think we have to remove swap_block_device from the neverallow. Any suggestions??
>>
>> Thanks.
>>
>> _______________________________________________
>> Seandroid-list mailing list
>> [email protected]
>> To unsubscribe, send email to [email protected].
>> To get help, send an email containing "help" to [email protected].
>
> --
> Nick Kralevich | Android Security | [email protected] | 650.214.4037
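A triage sketch for the denial quoted above, added here as an example and not part of the original thread or of AOSP: it parses the AVC line, derives the allow rule the denial would call for, and checks whether that rule's source, target and class fall inside the quoted neverallow. The function names are hypothetical, and the `no_rw_file_perms` macro is left unexpanded because its definition is not in the thread.

```python
import re

# Sample input copied from the thread: the posted denial and the fsck.te rule.
DENIAL = ('avc: denied { getattr } for pid=7545 comm="e2fsck" '
          'path="/dev/block/zram0" dev="tmpfs" ino=11973 '
          'scontext=u:r:fsck:s0 tcontext=u:object_r:swap_block_device:s0 '
          'tclass=blk_file permissive=0')
NEVERALLOW = """neverallow fsck {
  boot_block_device frp_block_device metadata_block_device
  recovery_block_device root_block_device swap_block_device
  system_block_device vold_device
}:blk_file no_rw_file_perms;"""

def parse_avc(line):
    """Split an AVC denial into its permission list and key=value fields."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError("not an AVC denial")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    d = {k: v.strip('"') for k, v in pairs}
    d["perms"] = m.group(1).split()
    # A context is user:role:type:level; policy rules are written on the type.
    d["stype"] = d["scontext"].split(":")[2]
    d["ttype"] = d["tcontext"].split(":")[2]
    return d

def parse_neverallow(rule):
    """Parse 'neverallow SRC { T1 T2 ... }:CLASS PERMS;' (one source, one class)."""
    m = re.match(r'\s*neverallow\s+(\w+)\s+\{([^}]*)\}\s*:\s*(\w+)\s+(\w+)\s*;', rule)
    if not m:
        raise ValueError("unsupported neverallow form")
    return {"source": m.group(1), "targets": set(m.group(2).split()),
            "tclass": m.group(3), "perms": m.group(4)}

def triage(line, rule):
    """Report the allow rule a denial asks for and whether the neverallow covers it."""
    d, n = parse_avc(line), parse_neverallow(rule)
    in_scope = (d["stype"] == n["source"] and d["ttype"] in n["targets"]
                and d["tclass"] == n["tclass"])
    return {
        "candidate_rule": "allow %s %s:%s { %s };" % (
            d["stype"], d["ttype"], d["tclass"], " ".join(d["perms"])),
        "in_neverallow_scope": in_scope,  # permission macro is not expanded here
        "caller": d["comm"],              # the process to fix instead of the policy
        "path": d["path"],
    }

if __name__ == "__main__":
    for key, value in triage(DENIAL, NEVERALLOW).items():
        print(key, "=", value)
```

When `in_neverallow_scope` is true, the `caller` and `path` fields point at what is invoking the tool on a protected device, which is the thing to change rather than the policy.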
