Add sepolicy for /proc/bootconfig
The vendor boot HAL, init, and vold processes all require permission to access this file.
Test: build and boot aosp_cf_x86_64_phone
Bug: 173815685
Change-Id: I15692dcd39dfc9c3a3b7d8c12d03eff0a7c96f72
parent
74e85309f4
commit
840d4f3bf3
6 changed files with 9 additions and 1 deletions
|
@ -1809,7 +1809,9 @@
|
||||||
(typeattributeset print_service_30_0 (print_service))
|
(typeattributeset print_service_30_0 (print_service))
|
||||||
(typeattributeset priv_app_30_0 (priv_app))
|
(typeattributeset priv_app_30_0 (priv_app))
|
||||||
(typeattributeset privapp_data_file_30_0 (privapp_data_file))
|
(typeattributeset privapp_data_file_30_0 (privapp_data_file))
|
||||||
(typeattributeset proc_30_0 (proc))
|
(typeattributeset proc_30_0
|
||||||
|
( proc
|
||||||
|
proc_bootconfig))
|
||||||
(typeattributeset proc_abi_30_0 (proc_abi))
|
(typeattributeset proc_abi_30_0 (proc_abi))
|
||||||
(typeattributeset proc_asound_30_0 (proc_asound))
|
(typeattributeset proc_asound_30_0 (proc_asound))
|
||||||
(typeattributeset proc_bluetooth_writable_30_0 (proc_bluetooth_writable))
|
(typeattributeset proc_bluetooth_writable_30_0 (proc_bluetooth_writable))
|
||||||
|
|
|
@ -3,6 +3,7 @@ genfscon rootfs / u:object_r:rootfs:s0
|
||||||
# proc labeling can be further refined (longest matching prefix).
|
# proc labeling can be further refined (longest matching prefix).
|
||||||
genfscon proc / u:object_r:proc:s0
|
genfscon proc / u:object_r:proc:s0
|
||||||
genfscon proc /asound u:object_r:proc_asound:s0
|
genfscon proc /asound u:object_r:proc_asound:s0
|
||||||
|
genfscon proc /bootconfig u:object_r:proc_bootconfig:s0
|
||||||
genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
|
genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
|
||||||
genfscon proc /cmdline u:object_r:proc_cmdline:s0
|
genfscon proc /cmdline u:object_r:proc_cmdline:s0
|
||||||
genfscon proc /config.gz u:object_r:config_gz:s0
|
genfscon proc /config.gz u:object_r:config_gz:s0
|
||||||
|
|
|
@ -21,6 +21,7 @@ type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
|
||||||
type proc_bluetooth_writable, fs_type, proc_type;
|
type proc_bluetooth_writable, fs_type, proc_type;
|
||||||
type proc_abi, fs_type, proc_type;
|
type proc_abi, fs_type, proc_type;
|
||||||
type proc_asound, fs_type, proc_type;
|
type proc_asound, fs_type, proc_type;
|
||||||
|
type proc_bootconfig, fs_type, proc_type;
|
||||||
type proc_buddyinfo, fs_type, proc_type;
|
type proc_buddyinfo, fs_type, proc_type;
|
||||||
type proc_cmdline, fs_type, proc_type;
|
type proc_cmdline, fs_type, proc_type;
|
||||||
type proc_cpuinfo, fs_type, proc_type;
|
type proc_cpuinfo, fs_type, proc_type;
|
||||||
|
|
|
@ -3,3 +3,4 @@ binder_call(hal_bootctl_client, hal_bootctl_server)
|
||||||
binder_call(hal_bootctl_server, hal_bootctl_client)
|
binder_call(hal_bootctl_server, hal_bootctl_client)
|
||||||
|
|
||||||
hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
|
hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
|
||||||
|
allow hal_bootctl_server proc_bootconfig:file r_file_perms;
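Review bot: The new rule `allow hal_bootctl_server proc_bootconfig:file r_file_perms;` is written against the `hal_bootctl_server` attribute, so every domain carrying that attribute gains read access to /proc/bootconfig, and nothing in the file records why it is needed. A one-line comment above the rule, such as `# Read boot parameters from /proc/bootconfig.`, would give later audits the reason for the grant. The same applies to the `proc_bootconfig` entries added to the `allow init { … }` and `allow vold { … }` lists, where the neighbouring `proc` entry carries a bug reference and the new entry carries nothing.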
|
||||||
|
|
|
@ -350,6 +350,7 @@ userdebug_or_eng(`
|
||||||
|
|
||||||
allow init {
|
allow init {
|
||||||
proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
|
proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
|
||||||
|
proc_bootconfig
|
||||||
proc_cmdline
|
proc_cmdline
|
||||||
proc_diskstats
|
proc_diskstats
|
||||||
proc_kmsg # Open /proc/kmsg for logd service.
|
proc_kmsg # Open /proc/kmsg for logd service.
|
||||||
|
@ -383,6 +384,7 @@ allow init {
|
||||||
# init chmod/chown access to /proc files.
|
# init chmod/chown access to /proc files.
|
||||||
allow init {
|
allow init {
|
||||||
proc_cmdline
|
proc_cmdline
|
||||||
|
proc_bootconfig
|
||||||
proc_kmsg
|
proc_kmsg
|
||||||
proc_net
|
proc_net
|
||||||
proc_pagetypeinfo
|
proc_pagetypeinfo
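Review bot: In the second hunk `proc_bootconfig` is added to the list under `# init chmod/chown access to /proc files.`, which by that comment covers attribute changes rather than reads. The permission set of that `allow init { … }` statement lies outside the hunk, so this is inferred from the comment alone. If init never changes the mode or owner of /proc/bootconfig, the entry can be dropped from this list and kept only in the first one. If it is needed, place it before `proc_cmdline` so the list stays alphabetical as in the first hunk, and give it a trailing comment, for example `proc_bootconfig # <why init changes its mode/owner>`.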
|
||||||
|
|
|
@ -23,6 +23,7 @@ r_dir_file(vold, rootfs)
|
||||||
r_dir_file(vold, metadata_file)
|
r_dir_file(vold, metadata_file)
|
||||||
allow vold {
|
allow vold {
|
||||||
proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
|
proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
|
||||||
|
proc_bootconfig
|
||||||
proc_cmdline
|
proc_cmdline
|
||||||
proc_drop_caches
|
proc_drop_caches
|
||||||
proc_filesystems
|
proc_filesystems
|
||||||
|
|