tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl"

Browse source
This commit is contained in:
Songchun Fan 2020-08-20 17:07:40 +00:00 committed by Gerrit Code Review
commit 1d4f2221cd
4 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
prebuilts/api/30.0/private/system_server.te
View file

@ -29,7 +29,7 @@ allow system_server incremental_control_file:file { ioctl r_file_perms };
allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
# To get signature of an APK installed on Incremental File System and fill in data blocks
allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS INCFS_IOCTL_GET_FILLED_BLOCKS };
# For art.
allow system_server dalvikcache_data_file:dir r_dir_perms;

1
prebuilts/api/30.0/public/ioctl_defines
View file

@ -1059,6 +1059,7 @@ define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e')
define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
define(`INCFS_IOCTL_GET_FILLED_BLOCKS', `0x00006722')
define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')

2
private/system_server.te
View file

@ -29,7 +29,7 @@ allow system_server incremental_control_file:file { ioctl r_file_perms };
allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
# To get signature of an APK installed on Incremental File System and fill in data blocks
allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS INCFS_IOCTL_GET_FILLED_BLOCKS };
# For art.
allow system_server dalvikcache_data_file:dir r_dir_perms;

1
public/ioctl_defines
View file

@ -1059,6 +1059,7 @@ define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e')
define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
define(`INCFS_IOCTL_GET_FILLED_BLOCKS', `0x00006722')
define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')