Add linker config generator and output file to sepolicy
Sepolicy for linkerconfig generator and ld.config.txt file from generator Bug: 135004088 Test: m -j & tested from device Change-Id: I2ea7653a33996dde67a84a2e7a0efa660886434a
This commit is contained in:
Kiyoung Kim
parent
31056ae11d
commit
affa6f323c
4 changed files with 18 additions and 0 deletions
|
|
@ -82,6 +82,9 @@ userdebug_or_eng(`
|
|||
allow domain su:key search;
|
||||
')
|
||||
|
||||
# Allow access to linkerconfig file
|
||||
allow domain linkerconfig_file:file r_file_perms;
|
||||
|
||||
# Limit ability to ptrace or read sensitive /proc/pid files of processes
|
||||
# with other UIDs to these whitelisted domains.
|
||||
neverallow {
|
||||
|
|
|
|||
|
|
@ -20,3 +20,6 @@ typealias app_exec_data_file alias rs_data_file;
|
|||
# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
|
||||
# of application data.
|
||||
type rollback_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /dev/linkerconfig(/.*)?
|
||||
type linkerconfig_file, file_type;
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@
|
|||
/dev/iio:device[0-9]+ u:object_r:iio_device:s0
|
||||
/dev/ion u:object_r:ion_device:s0
|
||||
/dev/keychord u:object_r:keychord_device:s0
|
||||
/dev/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
|
||||
/dev/loop-control u:object_r:loop_control_device:s0
|
||||
/dev/modem.* u:object_r:radio_device:s0
|
||||
/dev/mtp_usb u:object_r:mtp_device:s0
|
||||
|
|
@ -261,6 +262,7 @@
|
|||
/system/bin/healthd u:object_r:healthd_exec:s0
|
||||
/system/bin/clatd u:object_r:clatd_exec:s0
|
||||
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
|
||||
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
|
||||
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
|
||||
/system/bin/llkd u:object_r:llkd_exec:s0
|
||||
/system/bin/lmkd u:object_r:lmkd_exec:s0
|
||||
|
|
|
|||
10
private/linkerconfig.te
Normal file
10
private/linkerconfig.te
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
type linkerconfig, domain, coredomain;
|
||||
type linkerconfig_exec, exec_type, file_type, system_file_type;
|
||||
|
||||
init_daemon_domain(linkerconfig)
|
||||
|
||||
## Read and write linkerconfig subdirectory.
|
||||
allow linkerconfig linkerconfig_file:dir rw_dir_perms;
|
||||
allow linkerconfig linkerconfig_file:file create_file_perms;
|
||||
|
||||
neverallow { domain -init -linkerconfig } linkerconfig_exec:file no_x_file_perms;
|
||||
Loading…
Reference in a new issue