tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow system_server to reopen its own memfd." into main

Browse source
This commit is contained in:
Treehugger Robot 2024-05-23 13:45:23 +00:00 committed by Gerrit Code Review
commit ab0272ccb4
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
private/system_server.te
View file

@ -1645,6 +1645,11 @@ neverallow {
# in Pre-reboot Dexopt. # in Pre-reboot Dexopt.
allow system_server pre_reboot_dexopt_file:dir { getattr search }; allow system_server pre_reboot_dexopt_file:dir { getattr search };
# Allow system_server to reopen its own memfd.
# system_server needs to copy the new service-art.jar to a memfd and reopen it with the path
# /proc/self/fd/<fd> with a classloader.
allow system_server system_server_tmpfs:file open;
# Do not allow any domain other than init or system server to get or set the property # Do not allow any domain other than init or system server to get or set the property
neverallow { domain -init -system_server } crashrecovery_prop:property_service set; neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms; neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;