Merge "selinux: allow everybody to read flags from RO flag storage file" into main

Dennis Shen 2024-06-04 17:11:18 +00:00 committed by Gerrit Code Review
commit 0467d14618


@ -570,11 +570,11 @@ allow {
-hal_omx_server
} {shell_exec toolbox_exec}:file rx_file_perms;
# Allow all (except vendor) to read from flag value boot snapshot files and general pb files
# The boot copy of the flag value files serves flag read traffic for all processes, thus
# needs to be readable by everybody. Also, the metadata directory will contain pb file
# that records where flag storage files are, so also needs to be readable by everbody.
r_dir_file({ coredomain appdomain }, aconfig_storage_metadata_file);
# Allow all to read from flag value boot snapshot storage files and general pb files
# The boot snapshot of storage files serves flag read traffic for all processes, thus
# needs to be readable by everybody.
r_dir_file(domain, aconfig_storage_metadata_file);
r_dir_file({ coredomain appdomain }, system_aconfig_storage_file);
r_dir_file({ coredomain appdomain }, aconfig_test_mission_files);
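Review bot: The widened rule `r_dir_file(domain, aconfig_storage_metadata_file);` lets every domain, vendor domains included, list the directories and read the files and symlinks carrying that type, yet the new comment drops the earlier explanation of why the metadata directory (the pb file that records where the storage files are) needs to be that broadly readable. I would keep that sentence and add a line such as `# Nothing sensitive may be labeled aconfig_storage_metadata_file: every domain can read it.`, because any file later given this type inherits the same exposure. The two rules that follow still use `{ coredomain appdomain }`, so the comment's "Allow all" applies only to the first rule and should say so, or the remaining restriction should be explained. If the policy does not already have one elsewhere, a `neverallow` limiting write and create on this type to its single writer domain would protect the integrity of a file that every process now trusts for flag values.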