PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add hal_bootctl to white-list of sys_rawio

Browse Source 
VtsHalBootV1_0Target test cases fail on a platform when executing boot control operation.
The cases fail because of hal_bootctl has no sys_rawio permission to do storage IOCTL to
switch boot slot.

Bug: 118011561
Test: VtsHalBootV1_0Target can pass
Change-Id: Idbbb9ea8b76fe62b2d4b71356cef7a07ad4de890
This commit is contained in:
Pierre Lee 2018-10-22 10:03:15 +08:00 committed by Robert Chou
parent d41721bc41
commit 30c77c1695
2 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
public/domain.te
View File

@ -355,6 +355,7 @@ neverallow {
-healthd -healthd
-uncrypt -uncrypt
-tee -tee
-hal_bootctl
} self:global_capability_class_set sys_rawio; } self:global_capability_class_set sys_rawio;
# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR). # No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).

2
public/hal_bootctl.te
View File

@ -3,5 +3,3 @@ binder_call(hal_bootctl_client, hal_bootctl_server)
binder_call(hal_bootctl_server, hal_bootctl_client) binder_call(hal_bootctl_server, hal_bootctl_client)
hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice) hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
dontaudit hal_bootctl self:global_capability_class_set sys_rawio;