fff3fe2f08
Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.
(cherry-pick of commit: 5c6a227ebb)
Bug: 37896931
Bug: 37916906
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
20 lines
627 B
Plaintext
20 lines
627 B
Plaintext
# update_verifier
|
|
type update_verifier, domain;
|
|
type update_verifier_exec, exec_type, file_type;
|
|
|
|
# Allow update_verifier to reach block devices in /dev/block.
|
|
allow update_verifier block_device:dir search;
|
|
|
|
# Read care map in /data/ota_package/.
|
|
allow update_verifier ota_package_file:dir r_dir_perms;
|
|
allow update_verifier ota_package_file:file r_file_perms;
|
|
|
|
# Read all blocks in dm wrapped system partition.
|
|
allow update_verifier dm_device:blk_file r_file_perms;
|
|
|
|
# Allow update_verifier to reboot the device.
|
|
set_prop(update_verifier, powerctl_prop)
|
|
|
|
# Use Boot Control HAL
|
|
hal_client_domain(update_verifier, hal_bootctl)
|