platform_system_sepolicy/update_verifier.te

# update_verifier
type update_verifier, domain;
type update_verifier_exec, exec_type, file_type;

init_daemon_domain(update_verifier)

# Raw writes to bootctrl block device
allow update_verifier bootctrl_block_device:blk_file rw_file_perms;

# TODO: Add rules to allow update_verifier to read system_block_device.
Allow update_verifier to access bootctrl_block_device. Bug: 26039641 Change-Id: Ifd96b105f054b67f881529db3fe94718cab4a0f4 (cherry picked from commit 8eaf25856eab787d5226441b6f3032fdfef9cbb9) 2015-12-05 02:48:50 +01:00			`# update_verifier`
			`type update_verifier, domain;`
			`type update_verifier_exec, exec_type, file_type;`

			`init_daemon_domain(update_verifier)`

			`# Raw writes to bootctrl block device`
			`allow update_verifier bootctrl_block_device:blk_file rw_file_perms;`

			`# TODO: Add rules to allow update_verifier to read system_block_device.`