tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission"

Browse source
This commit is contained in:
Eric Biggers 2022-04-27 19:24:57 +00:00 committed by Gerrit Code Review
commit 74e65cb878
1 changed files with 2 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
public/toolbox.te
View file

@ -1,5 +1,4 @@
# Any toolbox command run by init. # Any toolbox command run by init.
# At present, the only known usage is for running mkswap via fs_mgr.
# Do NOT use this domain for toolbox when run by any other domain. # Do NOT use this domain for toolbox when run by any other domain.
type toolbox, domain; type toolbox, domain;
type toolbox_exec, system_file_type, exec_type, file_type; type toolbox_exec, system_file_type, exec_type, file_type;
@ -28,11 +27,6 @@ allow toolbox system_data_root_file:dir { remove_name write };
allow toolbox system_data_file:dir { rmdir rw_dir_perms }; allow toolbox system_data_file:dir { rmdir rw_dir_perms };
allow toolbox system_data_file:file { getattr unlink }; allow toolbox system_data_file:file { getattr unlink };
# chattr +F and chattr +P /data/media in init # chattr +F /data/media in init
allow toolbox media_rw_data_file:dir { r_dir_perms setattr }; allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
allowxperm toolbox media_rw_data_file:dir ioctl { allowxperm toolbox media_rw_data_file:dir ioctl { FS_IOC_SETFLAGS FS_IOC_GETFLAGS };
FS_IOC_FSGETXATTR
FS_IOC_FSSETXATTR
FS_IOC_GETFLAGS
FS_IOC_SETFLAGS
};