Merge "Moving recovery resources from /system to /vendor"
This commit is contained in:
commit
0109fb24fc
@ -1,6 +1,8 @@
|
||||
;; types removed from current policy
|
||||
(type ashmemd)
|
||||
(type hal_wifi_offload_hwservice)
|
||||
(type install_recovery)
|
||||
(type install_recovery_exec)
|
||||
(type mediacodec_service)
|
||||
(type perfprofd_data_file)
|
||||
(type perfprofd_service)
|
||||
|
@ -23,5 +23,7 @@
|
||||
system_passwd_file
|
||||
vendor_apex_file
|
||||
vendor_boringssl_self_test
|
||||
vendor_install_recovery
|
||||
vendor_install_recovery_exec
|
||||
virtual_ab_prop
|
||||
wifi_stack_service))
|
||||
|
@ -284,7 +284,6 @@
|
||||
/system/bin/cppreopts\.sh u:object_r:cppreopts_exec:s0
|
||||
/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0
|
||||
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
|
||||
/system/bin/install-recovery\.sh u:object_r:install_recovery_exec:s0
|
||||
/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
|
||||
/system/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
|
||||
/system/bin/viewcompiler u:object_r:viewcompiler_exec:s0
|
||||
@ -367,6 +366,8 @@
|
||||
|
||||
/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
|
||||
|
||||
#############################
|
||||
# OEM and ODM files
|
||||
#
|
||||
|
@ -1,3 +0,0 @@
|
||||
typeattribute install_recovery coredomain;
|
||||
|
||||
init_daemon_domain(install_recovery)
|
@ -1,21 +0,0 @@
|
||||
# service flash_recovery in init.rc
|
||||
type install_recovery, domain;
|
||||
type install_recovery_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# /system/bin/install-recovery.sh is a shell script.
|
||||
# Needs to execute /system/bin/sh
|
||||
allow install_recovery shell_exec:file rx_file_perms;
|
||||
|
||||
# Execute /system/bin/applypatch
|
||||
allow install_recovery system_file:file rx_file_perms;
|
||||
not_full_treble(`allow install_recovery vendor_file:file rx_file_perms;')
|
||||
|
||||
allow install_recovery toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Update the recovery block device based off a diff of the boot block device
|
||||
allow install_recovery block_device:dir search;
|
||||
allow install_recovery boot_block_device:blk_file r_file_perms;
|
||||
allow install_recovery recovery_block_device:blk_file rw_file_perms;
|
||||
|
||||
# Write to /proc/sys/vm/drop_caches
|
||||
allow install_recovery proc_drop_caches:file w_file_perms;
|
24
vendor/vendor_install_recovery.te
vendored
Normal file
24
vendor/vendor_install_recovery.te
vendored
Normal file
@ -0,0 +1,24 @@
|
||||
init_daemon_domain(vendor_install_recovery)
|
||||
|
||||
# service vendor_flash_recovery in
|
||||
# bootable/recovery/applypatch/vendor_flash_recovery.rc
|
||||
type vendor_install_recovery, domain;
|
||||
type vendor_install_recovery_exec, vendor_file_type, exec_type, file_type;
|
||||
|
||||
# /vendor/bin/install-recovery.sh is a shell script.
|
||||
# Needs to execute /vendor/bin/sh
|
||||
allow vendor_install_recovery vendor_shell_exec:file rx_file_perms;
|
||||
|
||||
# Execute /vendor/bin/applypatch
|
||||
allow vendor_install_recovery vendor_file:file rx_file_perms;
|
||||
not_full_treble(`allow vendor_install_recovery vendor_file:file rx_file_perms;')
|
||||
|
||||
allow vendor_install_recovery vendor_toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Update the recovery block device based off a diff of the boot block device
|
||||
allow vendor_install_recovery block_device:dir search;
|
||||
allow vendor_install_recovery boot_block_device:blk_file r_file_perms;
|
||||
allow vendor_install_recovery recovery_block_device:blk_file rw_file_perms;
|
||||
|
||||
# Write to /proc/sys/vm/drop_caches
|
||||
allow vendor_install_recovery proc_drop_caches:file w_file_perms;
|
Loading…
Reference in New Issue
Block a user