Merge "Define access to AVF chosen node properties"

This commit is contained in:
Andrew Scull 2022-03-14 17:06:24 +00:00 committed by Gerrit Code Review
commit 629e12499a
4 changed files with 7 additions and 0 deletions


@ -138,6 +138,8 @@ genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /firmware/devicetree/base/chosen/avf,new-instance u:object_r:sysfs_dt_avf:s0
genfscon sysfs /firmware/devicetree/base/chosen/avf,strict-boot u:object_r:sysfs_dt_avf:s0
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
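Review bot: The two new genfscon entries label exactly `avf,new-instance` and `avf,strict-boot`, so any further property under `/chosen` that a guest domain later reads will keep the generic sysfs label and be denied at read time unless an entry is added here; that coupling should be written down next to the entries. genfscon also matches by longest path prefix, so each entry would equally cover a property whose name merely extends these strings, which is harmless for read-only access but worth stating. Suggest a comment above the two lines: `# AVF boot properties in the device tree's /chosen node, read by microdroid_manager and hal_dice_default; every property a guest domain reads needs its own entry here (genfscon matches by path prefix).`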


@ -14,6 +14,9 @@ allow microdroid_manager vd_device:blk_file rw_file_perms;
# microdroid_manager verifies DM-verity mounted APK payload
allow microdroid_manager dm_device:blk_file r_file_perms;
# microdroid_manager can query AVF flags in the device tree
allow microdroid_manager sysfs_dt_avf:file r_file_perms;
# Allow microdroid_manager to do blkflsbuf on instance disk image. The ioctl
# requires sys_admin cap as well.
allowxperm microdroid_manager vd_device:blk_file ioctl BLKFLSBUF;
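Review bot: The comment on the new allow rule says microdroid_manager "can query AVF flags", but the grant only reaches the properties labelled `sysfs_dt_avf` in genfs_contexts (currently `avf,new-instance` and `avf,strict-boot`); reading any other `avf,*` property will be denied under the default sysfs label, and the comment should make that dependency explicit, e.g. `# microdroid_manager can read the AVF properties in the device tree's /chosen node (those labelled sysfs_dt_avf in genfs_contexts; a new property needs a matching genfscon entry)`. The scope of the grant itself is right: read-only (`r_file_perms`) and on `file` only, with no write or ioctl. Whether `dir` search on the parent sysfs path is already granted domain-wide is not visible in this hunk and should be confirmed against the base policy. The same comment applies to the identical `hal_dice_default` rule in the last file section. The hunk header announces 9 new lines but only 7 are shown, so the rendered hunk appears to have dropped a line or two (presumably blank).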


@ -167,6 +167,7 @@ type sysfs_dm, fs_type, sysfs_type;
type sysfs_dm_verity, fs_type, sysfs_type;
type sysfs_dma_heap, fs_type, sysfs_type;
type sysfs_dmabuf_stats, fs_type, sysfs_type;
type sysfs_dt_avf, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
type sysfs_extcon, fs_type, sysfs_type;
type sysfs_fs_ext4_features, fs_type, sysfs_type;


@ -10,4 +10,5 @@ init_daemon_domain(hal_dice_default)
# hal_dice_default is using bootstrap bionic
use_bootstrap_libs(hal_dice_default)
allow hal_dice_default sysfs_dt_avf:file r_file_perms;
allow hal_dice_default open_dice_device:chr_file rw_file_perms;