platform_system_sepolicy/public/vendor_misc_writer.te

# vendor_misc_writer
type vendor_misc_writer, domain;
type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.
Add vendor_misc_writer. The space between 2K and 16K in /misc is currently reserved for vendor's use (as claimed in bootloader_message.h), but we don't allow vendor module to access misc_block_device other than vendor_init. The change in the topic adds a `misc_writer` tool as a vendor module, which allows writing data to the vendor space to bridge the gap in the short term. This CL adds matching labels to grant access. Long term goal is to move /misc as vendor owned, then to provide HAL access from core domain (b/132906936). Bug: 132906936 Test: Build crosshatch that includes misc_writer module. Invoke /vendor/bin/misc_writer to write data to /misc. Change-Id: I4c18d78171a839ae5497b3a61800193ef9e51b3b 2019-05-16 23:44:11 +02:00			`# vendor_misc_writer`
			`type vendor_misc_writer, domain;`
			`type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;`
Add "DO NOT ADD statements" comments to public For visibility Bug: 232023812 Test: N/A Change-Id: I0bc6dc568210b81ba1f52acb18afd4bcc454ea1c 2024-03-28 02:37:28 +01:00
			`# system/sepolicy/public is for vendor-facing type and attribute definitions.`
			`# DO NOT ADD allow, neverallow, or dontaudit statements here.`
			`# Instead, add such policy rules to system/sepolicy/private/*.te.`