tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b am: 9bb18711a9

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944

Change-Id: Ibcf4d3c147b00b41ec41b2d7ede2cdccd2f5e544
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Anderson 2023-07-17 18:22:33 +00:00 committed by Automerger Merge Worker
commit 383c3d4908
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
private/lpdumpd.te
View file

@ -18,6 +18,16 @@ allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms;
allow lpdumpd sysfs_dt_firmware_android:file r_file_perms;
read_fstab(lpdumpd)
# Allow to get A/B slot suffix from device tree or kernel cmdline.
r_dir_file(lpdumpd, sysfs_dt_firmware_android);
allow lpdumpd proc_cmdline:file r_file_perms;
# Allow reading Virtual A/B status information.
get_prop(lpdumpd, virtual_ab_prop)
allow lpdumpd metadata_file:dir search;
allow lpdumpd ota_metadata_file:dir { r_dir_perms lock };
allow lpdumpd ota_metadata_file:file r_file_perms;
### Neverallow rules
# Disallow other domains to get lpdump_service and call lpdumpd.