SELinux policy for /data/misc/profman
Bug: 28748264 Change-Id: I872c25666707beb737f3ce7a4f706c0135df7ad5
parent
0e1153ec4e
commit
a5d0792508
6 changed files with 16 additions and 0 deletions
4
adbd.te
4
adbd.te
|
@ -34,6 +34,10 @@ allow adbd devpts:chr_file rw_file_perms;
|
||||||
allow adbd shell_data_file:dir create_dir_perms;
|
allow adbd shell_data_file:dir create_dir_perms;
|
||||||
allow adbd shell_data_file:file create_file_perms;
|
allow adbd shell_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
# adb pull /data/misc/profman.
|
||||||
|
allow adbd profman_dump_data_file:dir r_dir_perms;
|
||||||
|
allow adbd profman_dump_data_file:file r_file_perms;
|
||||||
|
|
||||||
# adb push/pull sdcard.
|
# adb push/pull sdcard.
|
||||||
allow adbd tmpfs:dir search;
|
allow adbd tmpfs:dir search;
|
||||||
allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
|
allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
|
||||||
|
|
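Review bot: The two new `allow adbd profman_dump_data_file` rules are unconditional, so adbd can read everything under /data/misc/profman on user builds as well as on userdebug/eng. If profile dumps are meant only as a debugging aid, wrap the rules in `userdebug_or_eng` the way shell.te already does for nativetest_data_file. If access on user builds is intended, extend the comment to say so, e.g. `# adb pull /data/misc/profman (profile dumps; allowed on all build types).` The same question applies to the new shell rules in shell.te.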
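--- a/file.te
+++ b/file.te
@@ -94,6 +94,8 @@ type ota_data_file, file_type, data_file_type;
 # /data/misc/profiles
 type user_profile_data_file, file_type, data_file_type, mlstrustedobject;
 type user_profile_foreign_dex_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/misc/profman
+type profman_dump_data_file, file_type, data_file_type;
 # /data/resource-cache
 type resourcecache_data_file, file_type, data_file_type;
 # /data/local - writable by shell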
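Review bot: The comment on the new type names only the path; it should also record what lives there and which domains touch it, since that information is spread over the five other files in this commit. Something like `# /data/misc/profman - profile dumps; created by installd, written by profman, read by adbd, deleted by shell` keeps the access model next to the declaration. The type also carries `data_file_type`, so any existing rule written against that attribute (not visible in this hunk) applies to it as well. It is worth checking that none of those rules widens access beyond the domains listed above.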
|
@ -302,6 +302,7 @@
|
||||||
/data/misc/profiles/cur(/.*)? u:object_r:user_profile_data_file:s0
|
/data/misc/profiles/cur(/.*)? u:object_r:user_profile_data_file:s0
|
||||||
/data/misc/profiles/cur/[0-9]+/foreign-dex(/.*)? u:object_r:user_profile_foreign_dex_data_file:s0
|
/data/misc/profiles/cur/[0-9]+/foreign-dex(/.*)? u:object_r:user_profile_foreign_dex_data_file:s0
|
||||||
/data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0
|
/data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0
|
||||||
|
/data/misc/profman(/.*)? u:object_r:profman_dump_data_file:s0
|
||||||
|
|
||||||
# Fingerprint data
|
# Fingerprint data
|
||||||
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
|
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
|
||||||
|
|
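Review bot: Nothing in this commit grants any domain `create` on `profman_dump_data_file:dir` (installd gets only `{ search add_name write }`), so the /data/misc/profman directory has to be created and labelled outside these policy files, presumably at boot. Please confirm that the creating step exists and that the directory ends up with this label. If it kept the parent directory's label, none of the new allow rules would match and the dump path would fail with denials. A short comment above the entry naming where the directory is created would save the next reader the search.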
|
@ -119,6 +119,9 @@ allow installd user_profile_data_file:dir create_dir_perms;
|
||||||
allow installd user_profile_data_file:file create_file_perms;
|
allow installd user_profile_data_file:file create_file_perms;
|
||||||
allow installd user_profile_data_file:dir rmdir;
|
allow installd user_profile_data_file:dir rmdir;
|
||||||
allow installd user_profile_data_file:file unlink;
|
allow installd user_profile_data_file:file unlink;
|
||||||
|
# Files created/updated by profman dumps.
|
||||||
|
allow installd profman_dump_data_file:dir { search add_name write };
|
||||||
|
allow installd profman_dump_data_file:file { create setattr open write };
|
||||||
|
|
||||||
# Create and use pty created by android_fork_execvp().
|
# Create and use pty created by android_fork_execvp().
|
||||||
allow installd devpts:chr_file rw_file_perms;
|
allow installd devpts:chr_file rw_file_perms;
|
||||||
|
|
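Review bot: The comment `# Files created/updated by profman dumps.` does not describe the split the rules encode. installd gets `create setattr open write` on the file, while profman.te grants profman only `write` plus `installd:fd use`, which suggests installd opens the file and passes the descriptor on. I would say that directly, e.g. `# installd creates/opens the dump file and hands the fd to profman.` installd is a privileged writer into a directory from which shell may remove entries. The comment could therefore also note that shell deliberately gets no `add_name` there and that no `lnk_file` permission exists on this type, so a later edit does not add either casually.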
|
@ -4,6 +4,8 @@ type profman_exec, exec_type, file_type;
|
||||||
|
|
||||||
allow profman user_profile_data_file:file { getattr read write lock };
|
allow profman user_profile_data_file:file { getattr read write lock };
|
||||||
|
|
||||||
|
allow profman profman_dump_data_file:file { write };
|
||||||
|
|
||||||
allow profman installd:fd use;
|
allow profman installd:fd use;
|
||||||
|
|
||||||
neverallow profman app_data_file:notdevfile_class_set open;
|
neverallow profman app_data_file:notdevfile_class_set open;
|
||||||
|
|
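Review bot: The new `allow profman profman_dump_data_file:file { write };` has no comment and no guard against later widening, although the design appears to rely on profman writing only through a descriptor inherited from installd. A companion rule modelled on the existing app_data_file one, `neverallow profman profman_dump_data_file:file open;`, would enforce that at build time. As minor style points, the braces around a single permission can go, and a comment such as `# Write profile dumps to the fd opened by installd.` would explain the rule.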
4
shell.te
4
shell.te
|
@ -34,6 +34,10 @@ allow shell shell_data_file:file create_file_perms;
|
||||||
allow shell shell_data_file:file rx_file_perms;
|
allow shell shell_data_file:file rx_file_perms;
|
||||||
allow shell shell_data_file:lnk_file create_file_perms;
|
allow shell shell_data_file:lnk_file create_file_perms;
|
||||||
|
|
||||||
|
# Access /data/misc/profman.
|
||||||
|
allow shell profman_dump_data_file:dir { search getattr write remove_name };
|
||||||
|
allow shell profman_dump_data_file:file { getattr unlink };
|
||||||
|
|
||||||
# Read/execute files in /data/nativetest
|
# Read/execute files in /data/nativetest
|
||||||
userdebug_or_eng(`
|
userdebug_or_eng(`
|
||||||
allow shell nativetest_data_file:dir r_dir_perms;
|
allow shell nativetest_data_file:dir r_dir_perms;
|
||||||
|
|
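Review bot: `# Access /data/misc/profman.` hides an asymmetry in what shell is granted. Shell may delete dumps (`write remove_name` on the directory, `unlink` on files) but gets no `read` or `open` on either class, so listing the directory or reading a dump from the shell domain will be denied and reads have to go through adbd. If that is intended, say so: `# Delete profman dumps; reading them goes through adbd (adb pull).` If listing from an interactive shell is expected to work, the directory rule is missing `read` and `open`.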