PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow update_verifier to call checkpointing

Browse Source 
This lets update_verifier call supportsCheckpoint to defer marking the
boot as successful when we may end up failing before we would commit
the checkpoint. In this case, we will mark the boot as successful just
before committing the checkpoint.

Test: Check that marking the boot as succesful was deferred in
      update_verifier, and done later on.
Change-Id: I9b4f3dd607ff5301860e78f4604b600b4ee416b7
This commit is contained in:
Daniel Rosenberg 2019-01-31 19:50:59 -08:00
parent c74699105c
commit 650981d2a8
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/update_verifier.te
View File

@ -29,3 +29,8 @@ set_prop(update_verifier, powerctl_prop)
# Use Boot Control HAL
hal_client_domain(update_verifier, hal_bootctl)
# Access Checkpoint commands over binder
allow update_verifier vold_service:service_manager find;
binder_call(update_verifier, servicemanager)
binder_call(update_verifier, vold)

2
public/vold.te
View File

@ -284,7 +284,7 @@ neverallow {
neverallow { domain -vold -init } restorecon_prop:property_service set;
# Only system_server and vdc can interact with vold over binder
neverallow { domain -system_server -vdc -vold } vold_service:service_manager find;
neverallow { domain -system_server -vdc -vold -update_verifier } vold_service:service_manager find;
neverallow vold {
domain
-ashmemd