allow system server to search into /metadata/aconfig dir

Bug: b/312459182
Test: m
Change-Id: I44a2113b53b23a47d30460d0e7120bbeceb3ecbf
Dennis Shen 2024-03-12 16:50:22 +00:00
parent efcc8dbdd7
commit 662d5e68f1
2 changed files with 3 additions and 2 deletions


@ -813,5 +813,5 @@ neverallow { domain -init } kcmdlinectrl:process { dyntransition transition };
neverallow { domain -gmscore_app -init -vold_prepare_subdirs } checkin_data_file:{dir file} *;
# Do not allow write access to aconfig flag value files except init and aconfigd
neverallow { domain -init -aconfigd } aconfig_storage_metadata_file:dir *;
neverallow { domain -init -aconfigd } aconfig_storage_metadata_file:file no_w_file_perms;
neverallow { domain -init -aconfigd -system_server } aconfig_storage_metadata_file:dir *;
neverallow { domain -init -aconfigd -system_server } aconfig_storage_metadata_file:file no_w_file_perms;
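Review bot: The two rewritten neverallow lines exempt system_server from every restriction on aconfig_storage_metadata_file, while the only access this commit grants is `dir search` (the allow added in the system_server hunk). A directory search does not require touching the file-class rule, so it could stay as `neverallow { domain -init -aconfigd } aconfig_storage_metadata_file:file no_w_file_perms;`, and the directory exemption could be bounded with an additional `neverallow system_server aconfig_storage_metadata_file:dir ~{ search };` (assuming no other rule gives system_server further dir access to this type; a policy build would confirm). As written, a later allow rule giving system_server write access to the flag value files would pass the neverallow check unnoticed. The comment above the rules still names only init and aconfigd and should be updated either way, for example `# Do not allow write access to aconfig flag value files except init and aconfigd; system_server may only search the directory`.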


@ -1470,6 +1470,7 @@ allow system_server watchdog_metadata_file:file create_file_perms;
allow system_server aconfig_storage_flags_metadata_file:dir rw_dir_perms;
allow system_server aconfig_storage_flags_metadata_file:file create_file_perms;
allow system_server aconfig_storage_metadata_file:dir search;
allow system_server repair_mode_metadata_file:dir rw_dir_perms;
allow system_server repair_mode_metadata_file:file create_file_perms;