Merge "[sepolicy] remove vendor_incremental_module from global sepolicy rules" into rvc-dev
commit
3daa20f14f
5 changed files with 1 additions and 10 deletions
|
@ -105,7 +105,6 @@
|
||||||
tv_tuner_resource_mgr_service
|
tv_tuner_resource_mgr_service
|
||||||
vendor_apex_file
|
vendor_apex_file
|
||||||
vendor_boringssl_self_test
|
vendor_boringssl_self_test
|
||||||
vendor_incremental_module
|
|
||||||
vendor_install_recovery
|
vendor_install_recovery
|
||||||
vendor_install_recovery_exec
|
vendor_install_recovery_exec
|
||||||
vendor_socket_hook_prop
|
vendor_socket_hook_prop
|
||||||
|
|
|
@ -374,7 +374,6 @@
|
||||||
/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
|
/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
|
||||||
/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
|
/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
|
||||||
/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
|
/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
|
||||||
(/vendor|system/vendor)/lib(64)?/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
|
|
||||||
|
|
||||||
# HAL location
|
# HAL location
|
||||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||||
|
|
|
@ -996,6 +996,7 @@ full_treble_only(`
|
||||||
-system_executes_vendor_violators
|
-system_executes_vendor_violators
|
||||||
-traced_perf # library/binary access for symbolization
|
-traced_perf # library/binary access for symbolization
|
||||||
-ueventd # reads /vendor/ueventd.rc
|
-ueventd # reads /vendor/ueventd.rc
|
||||||
|
-vold # loads incremental fs driver
|
||||||
} {
|
} {
|
||||||
vendor_file_type
|
vendor_file_type
|
||||||
-same_process_hal_file
|
-same_process_hal_file
|
||||||
|
@ -1009,7 +1010,6 @@ full_treble_only(`
|
||||||
-vendor_overlay_file
|
-vendor_overlay_file
|
||||||
-vendor_public_lib_file
|
-vendor_public_lib_file
|
||||||
-vendor_task_profiles_file
|
-vendor_task_profiles_file
|
||||||
-vendor_incremental_module
|
|
||||||
-vndk_sp_file
|
-vndk_sp_file
|
||||||
}:file *;
|
}:file *;
|
||||||
')
|
')
|
||||||
|
|
|
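Review bot: The added `-vold # loads incremental fs driver` entry in the domain exclusion list exempts vold from this full_treble_only neverallow for every remaining vendor_file_type and for `file *`. That is wider than the `-vendor_incremental_module` type exclusion removed in the second hunk, which opened only that one label. After this change, any later `allow vold <vendor type>:file ...` rule passes the build-time check unnoticed. The reason is presumably that the driver's label now comes from device policy, which is not visible here; if so, the comment should say it, e.g. `-vold # loads incremental fs driver; module label is defined in device sepolicy`. A narrower follow-up neverallow for vold on vendor_file_type would restore part of the check. The neverallow statement starts above the first hunk, so the full domain list cannot be seen from here.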
@ -210,8 +210,6 @@ type vendor_overlay_file, vendor_file_type, file_type;
|
||||||
# Type for all vendor public libraries. These libs should only be exposed to
|
# Type for all vendor public libraries. These libs should only be exposed to
|
||||||
# apps. ABI stability of these libs is vendor's responsibility.
|
# apps. ABI stability of these libs is vendor's responsibility.
|
||||||
type vendor_public_lib_file, vendor_file_type, file_type;
|
type vendor_public_lib_file, vendor_file_type, file_type;
|
||||||
# Default type for incremental file system driver
|
|
||||||
type vendor_incremental_module, vendor_file_type, file_type;
|
|
||||||
|
|
||||||
# Input configuration
|
# Input configuration
|
||||||
type vendor_keylayout_file, vendor_file_type, file_type;
|
type vendor_keylayout_file, vendor_file_type, file_type;
|
||||||
|
|
|
@ -52,11 +52,6 @@ allowxperm vold data_file_type:dir ioctl {
|
||||||
FS_IOC_REMOVE_ENCRYPTION_KEY
|
FS_IOC_REMOVE_ENCRYPTION_KEY
|
||||||
};
|
};
|
||||||
|
|
||||||
# Allow to load incremental file system driver
|
|
||||||
allow vold self:capability sys_module;
|
|
||||||
allow vold vendor_incremental_module:file r_file_perms;
|
|
||||||
allow vold vendor_incremental_module:system module_load;
|
|
||||||
|
|
||||||
# Only vold and init should ever set file-based encryption policies.
|
# Only vold and init should ever set file-based encryption policies.
|
||||||
neverallowxperm {
|
neverallowxperm {
|
||||||
domain
|
domain
|
||||||
|
|