blob: 8de3d5fd808391f7fb07aea2fc4c09f3d7268da6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From 7418cd97f2c92579bd4d18cbd9063f811ff9a81e Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Tue, 9 Feb 2021 16:42:36 +0800
Subject: [PATCH] policy/modules/services/acpi: allow acpid to watch the
directories in /dev
Fixes:
acpid: inotify_add_watch() failed: Permission denied (13)
avc: denied { watch } for pid=269 comm="acpid" path="/dev/input"
dev="devtmpfs" ino=35 scontext=system_u:system_r:acpid_t:s0-s15:c0.c1023
tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
policy/modules/services/acpi.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/acpi.te b/policy/modules/services/acpi.te
index 69f1dab4a..5c22adecd 100644
--- a/policy/modules/services/acpi.te
+++ b/policy/modules/services/acpi.te
@@ -105,6 +105,7 @@ dev_rw_acpi_bios(acpid_t)
dev_rw_sysfs(acpid_t)
dev_dontaudit_getattr_all_chr_files(acpid_t)
dev_dontaudit_getattr_all_blk_files(acpid_t)
+dev_watch_dev_dirs(acpid_t)
files_exec_etc_files(acpid_t)
files_read_etc_runtime_files(acpid_t)
--
2.17.1
|
