Allow apexd to enable fsverity on /metadata
Bug: 218672709 Test: manual tests Change-Id: Idaead3ecd3f3488512908febbdc368e184b7bca9
This commit is contained in:
sandrom
parent
8ce2e156d0
commit
6446490287
1 changed files with 4 additions and 0 deletions
|
|
@ -16,6 +16,10 @@ allow apexd apex_metadata_file:file create_file_perms;
|
||||||
# Allow creating and writing APEX files/dirs in the SEPolicy metadata dir
|
# Allow creating and writing APEX files/dirs in the SEPolicy metadata dir
|
||||||
allow apexd sepolicy_metadata_file:dir create_dir_perms;
|
allow apexd sepolicy_metadata_file:dir create_dir_perms;
|
||||||
allow apexd sepolicy_metadata_file:file create_file_perms;
|
allow apexd sepolicy_metadata_file:file create_file_perms;
|
||||||
|
# Allow apexd to setup fs-verity for SEPolicy files in metadata
|
||||||
|
allowxperm apexd sepolicy_metadata_file:file ioctl {
|
||||||
|
FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
|
||||||
|
};
|
||||||
|
|
||||||
# Allow reserving space on /data/apex/ota_reserved for apex decompression
|
# Allow reserving space on /data/apex/ota_reserved for apex decompression
|
||||||
allow apexd apex_ota_reserved_file:dir create_dir_perms;
|
allow apexd apex_ota_reserved_file:dir create_dir_perms;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue