Merge "Allow lpdumpd to read Virtual A/B diagnostics." into main am: f08664825b

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2656944

Change-Id: I272915312f296451bc067cce2a26ba1fe241b006
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
David Anderson 2023-07-17 17:37:19 +00:00 committed by Automerger Merge Worker
commit 9bb18711a9


@ -18,6 +18,16 @@ allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms;
allow lpdumpd sysfs_dt_firmware_android:file r_file_perms;
read_fstab(lpdumpd)
# Allow to get A/B slot suffix from device tree or kernel cmdline.
r_dir_file(lpdumpd, sysfs_dt_firmware_android);
allow lpdumpd proc_cmdline:file r_file_perms;
# Allow reading Virtual A/B status information.
get_prop(lpdumpd, virtual_ab_prop)
allow lpdumpd metadata_file:dir search;
allow lpdumpd ota_metadata_file:dir { r_dir_perms lock };
allow lpdumpd ota_metadata_file:file r_file_perms;
### Neverallow rules
# Disallow other domains to get lpdump_service and call lpdumpd.
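Review bot: The `r_dir_file(lpdumpd, sysfs_dt_firmware_android);` line under "Allow to get A/B slot suffix" largely repeats the two explicit `allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms;` and `...:file r_file_perms;` rules directly above it; the +/- markers are lost on this page, so that this line is new is inferred from the 6-to-16 line count. Keeping a single form (the macro, if symlink reads are also wanted) and dropping the trailing `;` would match `read_fstab(lpdumpd)` and `get_prop(lpdumpd, virtual_ab_prop)` and make the effective grant easier to audit. In the Virtual A/B block, `{ r_dir_perms lock }` appears to name `lock` twice, since AOSP's `r_dir_perms` already includes it; `allow lpdumpd ota_metadata_file:dir r_dir_perms;` should grant the same set. A one-line comment stating why a read-only diagnostics daemon needs to take a lock on the OTA metadata directory would help later least-privilege reviews.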