init.qcom.usb.rc: write product string from RC rule

SELinux is throwing the following denial when writing the product
string from the init.qcom.usb.sh script:

type=1400 audit(740030.896:50): avc: denied { write } for comm="init.qcom.usb.s" name="0x409" dev="configfs" ino=38366 scontext=u:r:vendor_qti_init_shell:s0 tcontext=u:object_r:configfs:s0 tclass=dir permissive=0

Even though the product string is written successfully, the denial
is due to updating the mtime of the parent directory 0x409 itself, for
which vendor_qti_init_shell does not have an explicit policy.

As an alternative, we can simply make the init.qcom.usb.rc file write
to the string to avoid the SELinux denial, since the vendor_qti_init
context already has full rw_dir_perms to the ConfigFS path. We still
need to invoke the shell script because the product string is
constructed and manipulated dynamically, something that init RC syntax
cannot do. So make the script store the resulting string in a vendor
property, and let the RC rule then write this property value to the
ConfigFS path.

Change-Id: I253918a6180865d0d027993738b29e0b90b52a50
2 files changed
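
The reasoning in the commit message can be checked mechanically. The following is an added example, not part of the commit: it parses the quoted denial and compares the denied permission against a small policy table for each domain. The table is constructed for illustration (only the `vendor_qti_init` rule is taken from the message), and the `rw_dir_perms` expansion follows the AOSP macro with the newer watch permissions left out.

```python
import re

# Denial quoted in the commit message (joined onto one line).
DENIAL = ('type=1400 audit(740030.896:50): avc: denied { write } for '
          'comm="init.qcom.usb.s" name="0x409" dev="configfs" ino=38366 '
          'scontext=u:r:vendor_qti_init_shell:s0 '
          'tcontext=u:object_r:configfs:s0 tclass=dir permissive=0')

# AOSP macro expansion (watch permissions of newer releases omitted).
R_DIR_PERMS = {"open", "getattr", "read", "search", "ioctl", "lock"}
RW_DIR_PERMS = R_DIR_PERMS | {"write", "add_name", "remove_name"}

# Constructed policy model: the first rule is what the commit message states,
# the second is an assumption consistent with the file write succeeding.
POLICY = {
    ("vendor_qti_init", "configfs", "dir"): RW_DIR_PERMS,
    ("vendor_qti_init_shell", "configfs", "file"): {"open", "getattr", "write"},
}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)\s+permissive=(?P<permissive>[01])')

def parse_avc(line):
    """Extract the fields of an AVC denial that decide the policy question."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial")
    # A context is user:role:type:level; the type is the third field.
    return {
        "perms": set(m["perms"].split()),
        "source": m["scontext"].split(":")[2],
        "target": m["tcontext"].split(":")[2],
        "tclass": m["tclass"],
        "enforced": m["permissive"] == "0",
    }

def missing_perms(avc, domain):
    """Permissions from the denial that `domain` lacks in POLICY."""
    granted = POLICY.get((domain, avc["target"], avc["tclass"]), set())
    return avc["perms"] - granted

if __name__ == "__main__":
    avc = parse_avc(DENIAL)
    for domain in (avc["source"], "vendor_qti_init"):
        print(domain, "lacks:", sorted(missing_perms(avc, domain)) or "nothing")
```

The denial is on `tclass=dir`, not on the product file itself, which is why the write appears to succeed while the audit record is still logged.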