Allow update_verifier to access bootctrl_block_device.
am: 14b6f44933
* commit '14b6f44933a9bdbe7ad48faf461901e2c016585d':
Allow update_verifier to access bootctrl_block_device.
This commit is contained in:
commit
85af2526ac
3 changed files with 14 additions and 0 deletions
|
@ -98,3 +98,6 @@ type metadata_block_device, dev_type;
|
|||
|
||||
# The 'misc' partition used by recovery and A/B.
|
||||
type misc_block_device, dev_type;
|
||||
|
||||
# Bootctrl block device used by A/B update (update_engine, update_verifier).
|
||||
type bootctrl_block_device, dev_type;
|
||||
|
|
|
@ -189,6 +189,7 @@
|
|||
/system/bin/inputflinger u:object_r:inputflinger_exec:s0
|
||||
/system/bin/logd u:object_r:logd_exec:s0
|
||||
/system/bin/uncrypt u:object_r:uncrypt_exec:s0
|
||||
/system/bin/update_verifier u:object_r:update_verifier_exec:s0
|
||||
/system/bin/logwrapper u:object_r:system_file:s0
|
||||
/system/bin/vdc u:object_r:vdc_exec:s0
|
||||
/system/bin/install-recovery.sh u:object_r:install_recovery_exec:s0
|
||||
|
|
10
update_verifier.te
Normal file
10
update_verifier.te
Normal file
|
@ -0,0 +1,10 @@
|
|||
# update_verifier
|
||||
type update_verifier, domain;
|
||||
type update_verifier_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(update_verifier)
|
||||
|
||||
# Raw writes to bootctrl block device
|
||||
allow update_verifier bootctrl_block_device:blk_file rw_file_perms;
|
||||
|
||||
# TODO: Add rules to allow update_verifier to read system_block_device.
|
Loading…
Reference in a new issue