Merge changes from topic "darkboot-sepolicy" into qt-dev
am: 0ad88f096a
Change-Id: If142db3dd80990bdd420154a8a3d89e49c34fb5a
This commit is contained in:
commit
0754f42d33
@ -142,6 +142,8 @@
|
||||
vendor_idc_file
|
||||
vendor_keychars_file
|
||||
vendor_keylayout_file
|
||||
vendor_misc_writer
|
||||
vendor_misc_writer_exec
|
||||
vendor_task_profiles_file
|
||||
vrflinger_vsync_service
|
||||
watchdogd_tmpfs))
|
||||
|
@ -350,6 +350,8 @@
|
||||
/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
|
||||
/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0
|
||||
|
||||
/vendor/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
|
||||
|
||||
# HAL location
|
||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||
|
||||
|
@ -603,6 +603,7 @@ neverallow {
|
||||
-uncrypt
|
||||
-update_engine
|
||||
-vendor_init
|
||||
-vendor_misc_writer
|
||||
-vold
|
||||
-recovery
|
||||
-ueventd
|
||||
|
@ -161,6 +161,7 @@ wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
|
||||
# vendor-init-readable
|
||||
apexd.status u:object_r:apexd_prop:s0 exact enum starting ready
|
||||
dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
|
||||
persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
|
||||
persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
|
||||
sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
|
||||
sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
|
||||
|
11
prebuilts/api/29.0/public/vendor_misc_writer.te
Normal file
11
prebuilts/api/29.0/public/vendor_misc_writer.te
Normal file
@ -0,0 +1,11 @@
|
||||
# vendor_misc_writer
|
||||
type vendor_misc_writer, domain;
|
||||
type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;
|
||||
|
||||
# Raw writes to misc_block_device
|
||||
allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
|
||||
allow vendor_misc_writer block_device:dir r_dir_perms;
|
||||
|
||||
# Silence the denial when calling libfstab's ReadDefaultFstab.
|
||||
dontaudit vendor_misc_writer proc_cmdline:file read;
|
||||
dontaudit vendor_misc_writer metadata_file:dir search;
|
@ -142,6 +142,8 @@
|
||||
vendor_idc_file
|
||||
vendor_keychars_file
|
||||
vendor_keylayout_file
|
||||
vendor_misc_writer
|
||||
vendor_misc_writer_exec
|
||||
vendor_task_profiles_file
|
||||
vrflinger_vsync_service
|
||||
watchdogd_tmpfs))
|
||||
|
@ -350,6 +350,8 @@
|
||||
/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
|
||||
/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0
|
||||
|
||||
/vendor/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
|
||||
|
||||
# HAL location
|
||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||
|
||||
|
@ -603,6 +603,7 @@ neverallow {
|
||||
-uncrypt
|
||||
-update_engine
|
||||
-vendor_init
|
||||
-vendor_misc_writer
|
||||
-vold
|
||||
-recovery
|
||||
-ueventd
|
||||
|
@ -161,6 +161,7 @@ wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
|
||||
# vendor-init-readable
|
||||
apexd.status u:object_r:apexd_prop:s0 exact enum starting ready
|
||||
dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
|
||||
persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
|
||||
persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
|
||||
sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
|
||||
sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
|
||||
|
11
public/vendor_misc_writer.te
Normal file
11
public/vendor_misc_writer.te
Normal file
@ -0,0 +1,11 @@
|
||||
# vendor_misc_writer
|
||||
type vendor_misc_writer, domain;
|
||||
type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;
|
||||
|
||||
# Raw writes to misc_block_device
|
||||
allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
|
||||
allow vendor_misc_writer block_device:dir r_dir_perms;
|
||||
|
||||
# Silence the denial when calling libfstab's ReadDefaultFstab.
|
||||
dontaudit vendor_misc_writer proc_cmdline:file read;
|
||||
dontaudit vendor_misc_writer metadata_file:dir search;
|
1
vendor/vendor_misc_writer.te
vendored
Normal file
1
vendor/vendor_misc_writer.te
vendored
Normal file
@ -0,0 +1 @@
|
||||
init_daemon_domain(vendor_misc_writer)
|
Loading…
Reference in New Issue
Block a user