ueventd: allow using external firmware handlers
Userspace may want to load a different firmware than the one that the kernel requests in some cases, therefore this change adds the ability to ueventd to run an external handler that will determine the name of the file that should actually be loaded. Bug: 138352500 Test: Manually via custom handlers (compiled binary + shell script). Change-Id: Ib1330cd3b049e23ef066c6e08d3785b344d1feed
parent
aff00188eb
commit
0487fe0252
@ -941,6 +941,7 @@ full_treble_only(`
|
||||
coredomain
|
||||
-init
|
||||
-shell
|
||||
-ueventd
|
||||
} vendor_shell_exec:file { execute execute_no_trans };
|
||||
')
|
||||
|
||||
@ -971,6 +972,7 @@ full_treble_only(`
|
||||
-init
|
||||
-shell
|
||||
-system_executes_vendor_violators
|
||||
-ueventd
|
||||
} {
|
||||
vendor_file_type
|
||||
-same_process_hal_file
|
||||
|
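Review bot: The `-ueventd` exemptions in both hunks carry no comment explaining why this coredomain may now execute vendor code, and the second exemption is wider than the grant this commit actually adds. It lifts the restriction for ueventd across `vendor_file_type` (minus the listed subtractions), whereas the only allow added for ueventd is `vendor_shell_exec:file execute`. The rule's permission set and the rest of its type list continue outside the hunk, so the exact reach cannot be confirmed from here. I would add a comment beside each exemption, e.g. `# ueventd: external firmware handlers only; execute_no_trans remains neverallowed in the ueventd policy`, so an auditor can see that the exemption relies on that compensating rule.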
@ -6,7 +6,7 @@ type ueventd_tmpfs, file_type;
|
||||
# Write to /dev/kmsg.
|
||||
allow ueventd kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner };
|
||||
allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner setuid };
|
||||
allow ueventd device:file create_file_perms;
|
||||
|
||||
r_dir_file(ueventd, rootfs)
|
||||
@ -63,6 +63,9 @@ allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
|
||||
# to init that cold boot has completed.
|
||||
set_prop(ueventd, cold_boot_done_prop)
|
||||
|
||||
# Allow ueventd to run shell scripts from vendor
|
||||
allow ueventd vendor_shell_exec:file execute;
|
||||
|
||||
#####
|
||||
##### neverallow rules
|
||||
#####
|
||||
@ -75,3 +78,6 @@ neverallow ueventd port_device:chr_file ~{ getattr create setattr unlink relabel
|
||||
|
||||
# Nobody should be able to ptrace ueventd
|
||||
neverallow * ueventd:process ptrace;
|
||||
|
||||
# ueventd should never execute a program without changing to another domain.
|
||||
neverallow ueventd { file_type fs_type }:file execute_no_trans;
|
||||
|
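Review bot: The `setuid` added to the `global_capability_class_set` line in the first hunk has no comment, although it widens a domain that already holds `dac_override` and `sys_rawio`. A line above it such as `# setuid/setgid: switch to the handler's configured uid/gid before exec'ing an external firmware handler` would tie the capability to this feature; that purpose is presumed and should be confirmed against the ueventd code change. In the second hunk, the comment `# Allow ueventd to run shell scripts from vendor` overstates the grant. With the `execute_no_trans` neverallow added in the last hunk, `execute` alone is only usable once a domain transition into a handler domain is defined, and none is visible in these hunks. I would reword it to `# Allow ueventd to exec the vendor shell for external firmware handlers; requires a domain transition (execute_no_trans is neverallowed below).`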