Add sepolicy for preloads_copy script

Copied from device/google/crosshatch-sepolicy. Test: diff files in system/etc/selinux before and after for aosp_marlin Change-Id: I518c43af9c217483bdab02424e4aef0270aad366
2018-10-23 16:50:51 +01:00 · 2018-10-23 16:50:51 +01:00 · edd13bc3b2
commit edd13bc3b2
parent 962ad6fecb
2 changed files with 15 additions and 0 deletions
--- a/private/file_contexts
+++ b/private/file_contexts
@ -270,6 +270,7 @@
 /system/bin/logwrapper  u:object_r:system_file:s0
 /system/bin/vdc         u:object_r:vdc_exec:s0
 /system/bin/cppreopts.sh   u:object_r:cppreopts_exec:s0
+/system/bin/preloads_copy.sh u:object_r:preloads_copy_exec:s0
 /system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
 /system/bin/install-recovery.sh u:object_r:install_recovery_exec:s0
 /system/bin/dex2oat(d)?     u:object_r:dex2oat_exec:s0
--- a/private/preloads_copy.te
+++ b/private/preloads_copy.te
@ -0,0 +1,14 @@
+type preloads_copy, domain, coredomain;
+type preloads_copy_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(preloads_copy)
+
+allow preloads_copy shell_exec:file rx_file_perms;
+allow preloads_copy toolbox_exec:file rx_file_perms;
+allow preloads_copy preloads_data_file:dir create_dir_perms;
+allow preloads_copy preloads_data_file:file create_file_perms;
+allow preloads_copy preloads_media_file:dir create_dir_perms;
+allow preloads_copy preloads_media_file:file create_file_perms;
+
+# Allow to copy from /postinstall
+allow preloads_copy system_file:dir r_dir_perms;