tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""

Browse source 
This reverts commit 231c04b2b9.

Now that b/186727553 is fixed, it should be safe to revert this revert.

Test: build
Bug: 184381659
Change-Id: If26ba23df19e9854a121bbcf10a027c738006515
This commit is contained in:
Hridya Valsaraju 2021-05-04 22:02:22 -07:00
parent 23f9f51fcd
commit 498318cc65
4 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/30.0/30.0.ignore.cil
View file

@ -138,6 +138,7 @@
vcn_management_service vcn_management_service
vd_device vd_device
vendor_kernel_modules vendor_kernel_modules
vendor_modprobe
vibrator_manager_service vibrator_manager_service
virtualization_service virtualization_service
vpn_management_service vpn_management_service

3
private/domain.te
View file

@ -524,9 +524,12 @@ neverallow {
# debugfs_kcov type is not included in this neverallow statement since the KCOV # debugfs_kcov type is not included in this neverallow statement since the KCOV
# tool uses it for kernel fuzzing. # tool uses it for kernel fuzzing.
# vendor_modprobe is also exempted since the kernel modules it loads may create
# debugfs files in its context.
enforce_debugfs_restriction(` enforce_debugfs_restriction(`
neverallow { neverallow {
domain domain
-vendor_modprobe
userdebug_or_eng(` userdebug_or_eng(`
-init -init
-hal_dumpstate -hal_dumpstate

1
public/vendor_modprobe.te Normal file
View file

@ -0,0 +1 @@
type vendor_modprobe, domain;

2
vendor/vendor_modprobe.te vendored
View file

@ -1,5 +1,3 @@
type vendor_modprobe, domain;
# For the use of /vendor/bin/modprobe from vendor init.rc fragments # For the use of /vendor/bin/modprobe from vendor init.rc fragments
domain_trans(init, vendor_toolbox_exec, vendor_modprobe) domain_trans(init, vendor_toolbox_exec, vendor_modprobe)