Allow vendor_init to write to misc_block_device

am: db465285cf

Change-Id: Icd5639ebae411b2c6e6acaf0db143794351dcb1c
Tom Cherry 2018-04-13 10:17:51 -07:00 committed by android-build-merger
commit 4af9448a1d
2 changed files with 4 additions and 0 deletions


@ -600,6 +600,7 @@ neverallow {
-init -init
-uncrypt -uncrypt
-update_engine -update_engine
-vendor_init
-vold -vold
-recovery -recovery
-ueventd -ueventd
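Review bot: The new `-vendor_init` entry in this neverallow exemption list carries no rationale, and the rule's target type and permissions sit outside the hunk, so a reader cannot tell from here what is being exempted. Presumably it is the write restriction on misc_block_device that pairs with the allow rule in the other file. vendor_init runs vendor-supplied init scripts, so the exemption effectively extends to whatever those scripts direct it to write. I would add a comment above the list such as `# vendor_init: writes misc for <documented reason / bug id>`. The `# Raw writes to misc block device` comment in the second file has the same gap, because it restates the rule rather than giving the reason.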


@ -146,6 +146,9 @@ allow vendor_init serialno_prop:file { getattr open read };
# Vendor init can perform operations on trusted and security Extended Attributes # Vendor init can perform operations on trusted and security Extended Attributes
allow vendor_init self:global_capability_class_set sys_admin; allow vendor_init self:global_capability_class_set sys_admin;
# Raw writes to misc block device
allow vendor_init misc_block_device:blk_file w_file_perms;
not_compatible_property(` not_compatible_property(`
set_prop(vendor_init, { set_prop(vendor_init, {
property_type property_type
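Review bot: The added `allow vendor_init misc_block_device:blk_file w_file_perms;` grants write access to the whole device node, because type enforcement cannot restrict a block device by offset. If the neverallow edited in the other file is the misc write restriction (its body is not visible here), the remaining exempt domains are init, uncrypt, update_engine, vold, recovery and ueventd, and vendor init scripts can now overwrite whatever those domains keep on that partition. If vendor code is only expected to touch a vendor-reserved region, state that in the comment, e.g. `# Vendor init scripts write only the vendor-reserved area of misc; the remainder belongs to the platform writers`. Whether such a split exists is not shown on this page, so that wording needs confirming against the partition layout.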