Merge "Allow init to set up dm-verity"
This commit is contained in:
Sami Tolvanen
Gerrit Code Review
commit
723e31efe5
1 changed files with 12 additions and 0 deletions
12
init.te
12
init.te
|
|
@ -222,6 +222,18 @@ allow init device:chr_file { rw_file_perms setattr };
|
|||
# keychord configuration
|
||||
allow init self:capability sys_tty_config;
|
||||
|
||||
# Access device mapper for setting up dm-verity
|
||||
allow init dm_device:chr_file rw_file_perms;
|
||||
allow init dm_device:blk_file rw_file_perms;
|
||||
|
||||
# Access metadata block device for storing dm-verity state
|
||||
allow init metadata_block_device:blk_file rw_file_perms;
|
||||
|
||||
# Read /sys/fs/pstore/console-ramoops to detect restarts caused
|
||||
# by dm-verity detecting corrupted blocks
|
||||
allow init pstorefs:dir search;
|
||||
allow init pstorefs:file r_file_perms;
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
|
|
|||
Loading…
Reference in a new issue