Add sepolicy for IBootControl 1.1 and the default HAL.
Bug: 138861550 Test: manual test Change-Id: Ibc9a55266a2726cb8dc8550be0264db30b66109e
This commit is contained in:
parent
5274d21bce
commit
549e3c6d91
2 changed files with 13 additions and 1 deletions
2
vendor/file_contexts
vendored
2
vendor/file_contexts
vendored
|
@ -10,7 +10,7 @@
|
|||
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_bootctl_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service u:object_r:hal_camera_default_exec:s0
|
||||
|
|
12
vendor/hal_bootctl_default.te
vendored
12
vendor/hal_bootctl_default.te
vendored
|
@ -4,3 +4,15 @@ hal_server_domain(hal_bootctl_default, hal_bootctl)
|
|||
|
||||
type hal_bootctl_default_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_bootctl_default)
|
||||
|
||||
# Needed for ReadDefaultFstab.
|
||||
allow hal_bootctl_default proc_cmdline:file r_file_perms;
|
||||
allow hal_bootctl_default sysfs_dt_firmware_android:dir search;
|
||||
|
||||
# ReadDefaultFstab looks for /metadata/gsi/booted. We don't care about getting
|
||||
# a GSI-corrected fstab.
|
||||
dontaudit hal_bootctl_default metadata_file:dir search;
|
||||
|
||||
# Needed for reading/writing misc partition.
|
||||
allow hal_bootctl_default block_device:dir search;
|
||||
allow hal_bootctl_default misc_block_device:blk_file rw_file_perms;
|
||||
|
|
Loading…
Reference in a new issue