tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge changes from topic "use_generated_linkerconfig"

Browse source 
am: aff00188eb

Change-Id: I82225595e27aee8677c94d6a713d6ef5a195e2d7
This commit is contained in:
Kiyoung Kim 2019-08-14 02:47:24 -07:00 committed by android-build-merger
commit 039549102c
6 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/29.0/29.0.ignore.cil
View file

@ -13,6 +13,7 @@
hal_can_bus_hwservice hal_can_bus_hwservice
hal_can_controller_hwservice hal_can_controller_hwservice
init_svc_debug_prop init_svc_debug_prop
linker_prop
ota_metadata_file ota_metadata_file
runtime_apex_dir runtime_apex_dir
system_ashmem_hwservice system_ashmem_hwservice

3
private/domain.te
View file

@ -42,6 +42,9 @@ allow domain vendor_task_profiles_file:file r_file_perms;
# if memfd support can be used if device supports it # if memfd support can be used if device supports it
get_prop(domain, use_memfd_prop); get_prop(domain, use_memfd_prop);
# Allow to read properties for linker
get_prop(domain, linker_prop);
# For now, everyone can access core property files # For now, everyone can access core property files
# Device specific properties are not granted by default # Device specific properties are not granted by default
not_compatible_property(` not_compatible_property(`

1
private/property_contexts
View file

@ -23,6 +23,7 @@ hw. u:object_r:system_prop:s0
ro.hw. u:object_r:system_prop:s0 ro.hw. u:object_r:system_prop:s0
sys. u:object_r:system_prop:s0 sys. u:object_r:system_prop:s0
sys.cppreopt u:object_r:cppreopt_prop:s0 sys.cppreopt u:object_r:cppreopt_prop:s0
sys.linker. u:object_r:linker_prop:s0
sys.lpdumpd u:object_r:lpdumpd_prop:s0 sys.lpdumpd u:object_r:lpdumpd_prop:s0
sys.powerctl u:object_r:powerctl_prop:s0 sys.powerctl u:object_r:powerctl_prop:s0
sys.usb.ffs. u:object_r:ffs_prop:s0 sys.usb.ffs. u:object_r:ffs_prop:s0

5
private/shell.te
View file

@ -74,3 +74,8 @@ allow shell rs_exec:file rx_file_perms;
# Allow shell to start and comminicate with lpdumpd. # Allow shell to start and comminicate with lpdumpd.
set_prop(shell, lpdumpd_prop); set_prop(shell, lpdumpd_prop);
binder_call(shell, lpdumpd) binder_call(shell, lpdumpd)
# Allow shell to set linker property
userdebug_or_eng(`
set_prop(shell, linker_prop)
')

9
public/property.te
View file

@ -58,6 +58,7 @@ type hwservicemanager_prop, property_type;
type init_svc_debug_prop, property_type; type init_svc_debug_prop, property_type;
type last_boot_reason_prop, property_type; type last_boot_reason_prop, property_type;
type system_lmk_prop, property_type; type system_lmk_prop, property_type;
type linker_prop, property_type;
type llkd_prop, property_type; type llkd_prop, property_type;
type logd_prop, property_type, core_property_type; type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type; type logpersistd_logging_prop, property_type;
@ -192,6 +193,13 @@ dontaudit domain {
ctl_rildaemon_prop ctl_rildaemon_prop
}:property_service set; }:property_service set;
# Do now allow to modify linker properties except shell and init
neverallow {
domain
-init
userdebug_or_eng(`-shell')
} linker_prop:property_service set;
neverallow { neverallow {
domain domain
-init -init
@ -451,6 +459,7 @@ compatible_property_only(`
-hwservicemanager_prop -hwservicemanager_prop
-last_boot_reason_prop -last_boot_reason_prop
-system_lmk_prop -system_lmk_prop
-linker_prop
-log_prop -log_prop
-log_tag_prop -log_tag_prop
-logd_prop -logd_prop

1
public/vendor_init.te
View file

@ -218,6 +218,7 @@ not_compatible_property(`
-gsid_prop -gsid_prop
-nnapi_ext_deny_product_prop -nnapi_ext_deny_product_prop
-init_svc_debug_prop -init_svc_debug_prop
-linker_prop
}) })
') ')