PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix selinux denials when applying updates in recovery.

Browse Source 
These lines are copied from update_engine.te, and are needed to update
dynamic partitions in recovery.

Bug: 132943965
Test: sideload OTA on cuttlefish
Change-Id: Id03a658aac69b8d20fa7bb758530a4469c75cf9c
Merged-In: Id03a658aac69b8d20fa7bb758530a4469c75cf9c
This commit is contained in:
David Anderson 2019-05-21 16:22:21 -07:00
parent 676d9590f4
commit 115aafa7ab
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
prebuilts/api/29.0/public/recovery.te
View File

@ -138,6 +138,10 @@ recovery_only(`
# This line seems suspect, as it should not really need to # This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task. # set scheduling parameters for a kernel domain task.
allow recovery kernel:process setsched; allow recovery kernel:process setsched;
# These are needed to update dynamic partitions in recovery.
r_dir_file(recovery, sysfs_dm)
allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
') ')
### ###

4
public/recovery.te
View File

@ -138,6 +138,10 @@ recovery_only(`
# This line seems suspect, as it should not really need to # This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task. # set scheduling parameters for a kernel domain task.
allow recovery kernel:process setsched; allow recovery kernel:process setsched;
# These are needed to update dynamic partitions in recovery.
r_dir_file(recovery, sysfs_dm)
allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
') ')
### ###