Allow update_engine to access /data/misc/update_engine_log
Add label update_engine_log_data_file for log files created by update engine in directory /data/misc/update_engine_log. Bug: 65568605 Test: manual Change-Id: I379db82a0ea540e41cb3b8e03f93d9ce64fac7c9
parent
aa93dad669
commit
6fe014f8cb
@ -34,6 +34,7 @@
|
||||
thermalserviced_tmpfs
|
||||
timezone_service
|
||||
tombstoned_java_trace_socket
|
||||
update_engine_log_data_file
|
||||
vendor_init
|
||||
vold_prepare_subdirs
|
||||
vold_prepare_subdirs_exec
|
||||
|
@ -387,6 +387,7 @@
|
||||
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
|
||||
/data/misc/perfprofd(/.*)? u:object_r:perfprofd_data_file:s0
|
||||
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
|
||||
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
|
||||
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
|
||||
/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
|
||||
# TODO(calin) label profile reference differently so that only
|
||||
|
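Review bot: The new `/data/misc/update_engine_log(/.*)?` entry only takes effect once something creates or relabels that directory, and nothing on this page does so. file_contexts is applied by init's `mkdir`/restorecon, not automatically when a process creates a file. The update_engine rules in this change also grant no write access to the parent `/data/misc` directory, so the directory presumably has to be created by init in a companion change. It is worth confirming that change exists and referencing it in the commit description; without it the first log write would likely be denied. The file continues outside this hunk.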
@ -240,6 +240,7 @@ type vold_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
type tee_data_file, file_type, data_file_type;
|
||||
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
|
||||
# /data/misc/trace for method traces on userdebug / eng builds
|
||||
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
|
||||
|
@ -20,8 +20,12 @@ wakelock_use(update_engine);
|
||||
dontaudit update_engine kernel:process setsched;
|
||||
|
||||
# Allow using persistent storage in /data/misc/update_engine.
|
||||
allow update_engine update_engine_data_file:dir { create_dir_perms };
|
||||
allow update_engine update_engine_data_file:file { create_file_perms };
|
||||
allow update_engine update_engine_data_file:dir create_dir_perms;
|
||||
allow update_engine update_engine_data_file:file create_file_perms;
|
||||
|
||||
# Allow using persistent storage in /data/misc/update_engine_log.
|
||||
allow update_engine update_engine_log_data_file:dir create_dir_perms;
|
||||
allow update_engine update_engine_log_data_file:file create_file_perms;
|
||||
|
||||
# Don't allow kernel module loading, just silence the logs.
|
||||
dontaudit update_engine kernel:system module_request;
|
||||
|
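Review bot: `allow update_engine update_engine_log_data_file:dir create_dir_perms;` grants more than writing log files needs if the directory is pre-created by init, since `create_dir_perms` adds create, rmdir, rename, reparent and setattr on directories. Unless update_engine creates subdirectories there, `allow update_engine update_engine_log_data_file:dir rw_dir_perms;` would be the narrower rule and still permits adding and removing log files. Separately, no domain is given read access to the new type in this change. If these logs are meant to reach bug reports, the collecting domain (presumably dumpstate) needs `r_dir_perms`/`r_file_perms` on `update_engine_log_data_file`, here or in a follow-up. The policy file continues outside the hunk.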