tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow microdroid_manager to BLKFLSBUF on the instance disk" am: 03b3b18c70

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1974319

Change-Id: I3065a65bd2c5bb4f780dfac95c9e5143f0990883
This commit is contained in:
Treehugger Robot 2022-02-07 11:59:23 +00:00 committed by Automerger Merge Worker
commit 2f94a92cdc
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
microdroid/system/private/microdroid_manager.te
View file

@ -14,6 +14,11 @@ allow microdroid_manager vd_device:blk_file rw_file_perms;
# microdroid_manager verifies DM-verity mounted APK payload
allow microdroid_manager dm_device:blk_file r_file_perms;
# Allow microdroid_manager to do blkflsbuf on instance disk image. The ioctl
# requires sys_admin cap as well.
allowxperm microdroid_manager vd_device:blk_file ioctl BLKFLSBUF;
allow microdroid_manager self:global_capability_class_set sys_admin;
# Allow microdroid_manager to start payload tasks
domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app)
domain_auto_trans(microdroid_manager, compos_exec, compos)