tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Sepolicy for microdroid_manager.init_done" am: 3c41cfa51f

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2322655

Change-Id: I887404471156e417cdc3fe52e512fc598bc977bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot 2022-12-01 16:58:45 +00:00 committed by Automerger Merge Worker
commit 8078bc949f
4 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
microdroid/system/private/microdroid_manager.te
View file

@ -85,6 +85,9 @@ set_prop(microdroid_manager, microdroid_manager_roothash_prop)
# Allow microdroid_manager to set sysprops calculated from the payload config
set_prop(microdroid_manager, microdroid_config_prop)
# Allow microdroid_manager to set sysprops related to microdroid_lifecycle (ex. init_done)
set_prop(microdroid_manager, microdroid_lifecycle_prop)
# Allow microdroid_manager to shutdown the device when verification fails
set_prop(microdroid_manager, powerctl_prop)

4
microdroid/system/private/property.te
View file

@ -45,10 +45,10 @@ neverallow {
domain
-init
-microdroid_manager
} microdroid_config_prop:property_service set;
} {microdroid_config_prop microdroid_lifecycle_prop}:property_service set;
neverallow {
domain
-init
-microdroid_manager
} microdroid_config_prop:file no_rw_file_perms;
} {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms;

2
microdroid/system/private/property_contexts
View file

@ -124,6 +124,8 @@ microdroid_manager.apk.mounted u:object_r:microdroid_manager_zipfuse_prop:s0 exa
microdroid_manager.authfs.enabled u:object_r:microdroid_config_prop:s0 exact bool
microdroid_manager.config_done u:object_r:microdroid_config_prop:s0 exact bool
microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
dev.mnt.blk.root u:object_r:dev_mnt_prop:s0 exact string
dev.mnt.blk.vendor u:object_r:dev_mnt_prop:s0 exact string
dev.mnt.dev.root u:object_r:dev_mnt_prop:s0 exact string

1
microdroid/system/public/property.te
View file

@ -41,6 +41,7 @@ type log_tag_prop, property_type;
type microdroid_manager_roothash_prop, property_type;
type microdroid_manager_zipfuse_prop, property_type;
type microdroid_config_prop, property_type;
type microdroid_lifecycle_prop, property_type;
type property_service_version_prop, property_type;
type shell_prop, property_type;
type timezone_prop, property_type;