Merge "sgdisk: devpts and reload partition tables."
This commit is contained in:
Jeff Sharkey
Gerrit Code Review
commit
3de1e29246
1 changed files with 6 additions and 0 deletions
|
|
@ -6,10 +6,16 @@ type sgdisk_exec, exec_type, file_type;
|
|||
allow sgdisk block_device:dir search;
|
||||
allow sgdisk vold_device:blk_file rw_file_perms;
|
||||
|
||||
# Inherit and use pty created by android_fork_execvp()
|
||||
allow sgdisk devpts:chr_file { read write ioctl getattr };
|
||||
|
||||
# Allow stdin/out back to vold
|
||||
allow sgdisk vold:fd use;
|
||||
allow sgdisk vold:fifo_file { read write getattr };
|
||||
|
||||
# Used to probe kernel to reload partition tables
|
||||
allow sgdisk self:capability sys_admin;
|
||||
|
||||
# Only allow entry from vold
|
||||
neverallow { domain -vold } sgdisk:process transition;
|
||||
neverallow domain sgdisk:process dyntransition;
|
||||
|
|
|
|||
Loading…
Reference in a new issue