From edd13bc3b24275ae7a5c8d8c5e3740f712552ec9 Mon Sep 17 00:00:00 2001 From: Anton Hansson Date: Tue, 23 Oct 2018 16:50:51 +0100 Subject: [PATCH] Add sepolicy for preloads_copy script Copied from device/google/crosshatch-sepolicy. Test: diff files in system/etc/selinux before and after for aosp_marlin Change-Id: I518c43af9c217483bdab02424e4aef0270aad366 --- private/file_contexts | 1 + private/preloads_copy.te | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 private/preloads_copy.te diff --git a/private/file_contexts b/private/file_contexts index b361ccd2e..ee295caa6 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -270,6 +270,7 @@ /system/bin/logwrapper u:object_r:system_file:s0 /system/bin/vdc u:object_r:vdc_exec:s0 /system/bin/cppreopts.sh u:object_r:cppreopts_exec:s0 +/system/bin/preloads_copy.sh u:object_r:preloads_copy_exec:s0 /system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0 /system/bin/install-recovery.sh u:object_r:install_recovery_exec:s0 /system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0 diff --git a/private/preloads_copy.te b/private/preloads_copy.te new file mode 100644 index 000000000..7177839fd --- /dev/null +++ b/private/preloads_copy.te @@ -0,0 +1,14 @@ +type preloads_copy, domain, coredomain; +type preloads_copy_exec, system_file_type, exec_type, file_type; + +init_daemon_domain(preloads_copy) + +allow preloads_copy shell_exec:file rx_file_perms; +allow preloads_copy toolbox_exec:file rx_file_perms; +allow preloads_copy preloads_data_file:dir create_dir_perms; +allow preloads_copy preloads_data_file:file create_file_perms; +allow preloads_copy preloads_media_file:dir create_dir_perms; +allow preloads_copy preloads_media_file:file create_file_perms; + +# Allow to copy from /postinstall +allow preloads_copy system_file:dir r_dir_perms;