Add sepolicy for dynamic partition.

Change-Id: Ic2ebaf716195e64015b3beb457f1364cf4fec604
2019-05-22 23:02:44 +05:30 · 2019-05-22 23:02:44 +05:30 · bdbf9d49aa
commit bdbf9d49aa
parent 3c447db2dc
2 changed files with 8 additions and 1 deletions
--- a/qva/vendor/msmsteppe/file_contexts
+++ b/qva/vendor/msmsteppe/file_contexts
@ -50,6 +50,7 @@
 /dev/block/platform/soc/1d84000.ufshc/by-name/frp                                u:object_r:frp_block_device:s0
 /dev/block/platform/soc/1d84000.ufshc/by-name/mdtp                               u:object_r:mdtp_device:s0
 /dev/block/platform/soc/1d84000.ufshc/by-name/dip                                u:object_r:dip_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/super                              u:object_r:super_block_device:s0

 #rawdump partition
 /dev/block/platform/soc/1d84000.ufshc/by-name/rawdump                            u:object_r:rawdump_block_device:s0
@ -83,6 +84,8 @@
 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab]   u:object_r:custom_ab_block_device:s0
 /dev/block/platform/soc/1d84000.ufshc/by-name/imagefv_[ab]      u:object_r:custom_ab_block_device:s0
 /dev/block/platform/soc/1d84000.ufshc/by-name/uefisecapp_[ab]   u:object_r:uefi_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/vbmeta_system_[ab]    u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/recovery_[ab]         u:object_r:recovery_block_device:s0

 # Block device holding the GPT, where the A/B attributes are stored.
 /dev/block/platform/soc/1d84000.ufshc/sd[ade]                   u:object_r:gpt_block_device:s0
@ -124,6 +127,8 @@
 /dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab]      u:object_r:custom_ab_block_device:s0
 /dev/block/platform/soc/7c4000.sdhci/by-name/imagefv_[ab]      u:object_r:custom_ab_block_device:s0
 /dev/block/platform/soc/7c4000.sdhci/by-name/uefisecapp_[ab]   u:object_r:uefi_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/recovery_[ab]     u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/vbmeta_system_[ab]     u:object_r:custom_ab_block_device:s0

 #non A/B
 /dev/block/platform/soc/7c4000.sdhci/by-name/system                            u:object_r:system_block_device:s0
@ -146,6 +151,7 @@
 /dev/block/platform/soc/7c4000.sdhci/by-name/dip                                u:object_r:dip_device:s0
 /dev/block/platform/soc/7c4000.sdhci/by-name/storsec                            u:object_r:boot_block_device:s0
 /dev/block/platform/soc/7c4000.sdhci/by-name/persist                            u:object_r:persist_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/super                              u:object_r:super_block_device:s0

 #rawdump partition
 /dev/block/platform/soc/7c4000.sdhci/by-name/rawdump                            u:object_r:rawdump_block_device:s0
--- a/qva/vendor/msmsteppe/update_engine_common.te
+++ b/qva/vendor/msmsteppe/update_engine_common.te
@ -33,5 +33,6 @@ allow update_engine_common {
        uefi_block_device
        ssd_block_device
        modem_block_device
+        recovery_block_device
 }:blk_file rw_file_perms;
-
+allow update_engine_common tmpfs:lnk_file r_file_perms;