Allow vendor_init to write to misc_block_device am: db465285cf
am: 4af9448a1d
Change-Id: I1f178435ae86b871b29e9cfa3c3547b28c72b5be
This commit is contained in:
Tom Cherry
android-build-merger
commit
5d8aba8b33
2 changed files with 4 additions and 0 deletions
|
|
@ -600,6 +600,7 @@ neverallow {
|
|||
-init
|
||||
-uncrypt
|
||||
-update_engine
|
||||
-vendor_init
|
||||
-vold
|
||||
-recovery
|
||||
-ueventd
|
||||
|
|
|
|||
|
|
@ -146,6 +146,9 @@ allow vendor_init serialno_prop:file { getattr open read };
|
|||
# Vendor init can perform operations on trusted and security Extended Attributes
|
||||
allow vendor_init self:global_capability_class_set sys_admin;
|
||||
|
||||
# Raw writes to misc block device
|
||||
allow vendor_init misc_block_device:blk_file w_file_perms;
|
||||
|
||||
not_compatible_property(`
|
||||
set_prop(vendor_init, {
|
||||
property_type
|
||||
|
|
|
|||
Loading…
Reference in a new issue