tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sepolicy: Define and allow map permission for vendor dir am: 24537b2e96

Browse source 
am: e63f7f32ac

Change-Id: If629064af97961fdf4fe6914661f2336cf3a1795
This commit is contained in:
John Stultz 2017-08-23 15:03:55 +00:00 committed by android-build-merger
commit 01cd12a0d6
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
public/domain.te
View file

@ -106,7 +106,7 @@ allow domain system_file:lnk_file { getattr read };
# devices
not_full_treble(`
allow domain vendor_file_type:dir { search getattr };
allow domain vendor_file_type:file { execute read open getattr };
allow domain vendor_file_type:file { execute read open getattr map };
allow domain vendor_file_type:lnk_file { getattr read };
')
@ -117,12 +117,12 @@ allow domain vendor_hal_file:dir r_dir_perms;
# Everyone can read and execute all same process HALs
allow domain same_process_hal_file:dir r_dir_perms;
allow domain same_process_hal_file:file { execute read open getattr };
allow domain same_process_hal_file:file { execute read open getattr map };
# Any process can load vndk-sp libraries, which are system libraries
# used by same process HALs
allow domain vndk_sp_file:dir r_dir_perms;
allow domain vndk_sp_file:file { execute read open getattr };
allow domain vndk_sp_file:file { execute read open getattr map };
# All domains get access to /vendor/etc
allow domain vendor_configs_file:dir r_dir_perms;
@ -139,7 +139,7 @@ full_treble_only(`
# Allow reading and executing out of /vendor to all vendor domains
allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
allow { domain -coredomain } vendor_file_type:file { read open getattr execute };
allow { domain -coredomain } vendor_file_type:file { read open getattr execute map };
allow { domain -coredomain } vendor_file_type:lnk_file { getattr read };
')

4
public/te_macros
View file

@ -232,7 +232,7 @@ typeattribute $1 $2;
# Find passthrough HAL implementations
allow $2 system_file:dir r_dir_perms;
allow $2 vendor_file:dir r_dir_perms;
allow $2 vendor_file:file { read open getattr execute };
allow $2 vendor_file:file { read open getattr execute map };
')
')
@ -251,7 +251,7 @@ typeattribute $1 $2;
# Find passthrough HAL implementations
allow $2 system_file:dir r_dir_perms;
allow $2 vendor_file:dir r_dir_perms;
allow $2 vendor_file:file { read open getattr execute };
allow $2 vendor_file:file { read open getattr execute map };
')
#####################################