tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Add ota_package_file label for OTA packages."

Browse source
This commit is contained in:
Treehugger Robot 2016-09-13 05:57:21 +00:00 committed by Gerrit Code Review
commit b4b78c18a9
5 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
file.te
View file

@ -97,6 +97,8 @@ type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
type dalvikcache_data_file, file_type, data_file_type;
# /data/ota
type ota_data_file, file_type, data_file_type;
# /data/ota_package
type ota_package_file, file_type, data_file_type, mlstrustedobject;
# /data/misc/profiles
type user_profile_data_file, file_type, data_file_type, mlstrustedobject;
type user_profile_foreign_dex_data_file, file_type, data_file_type, mlstrustedobject;

1
file_contexts
View file

@ -241,6 +241,7 @@
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
/data/ota(/.*)? u:object_r:ota_data_file:s0
/data/ota_package(/.*)? u:object_r:ota_package_file:s0
/data/adb(/.*)? u:object_r:adb_data_file:s0
/data/anr(/.*)? u:object_r:anr_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0

4
priv_app.te
View file

@ -45,6 +45,10 @@ allow priv_app mnt_media_rw_file:dir search;
allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
# Write to /data/ota_package for OTA packages.
allow priv_app ota_package_file:dir rw_dir_perms;
allow priv_app ota_package_file:file create_file_perms;
# Access to /data/media.
allow priv_app media_rw_data_file:dir create_dir_perms;
allow priv_app media_rw_data_file:file create_file_perms;

4
uncrypt.te
View file

@ -19,6 +19,10 @@ userdebug_or_eng(`
allow uncrypt cache_recovery_file:dir rw_dir_perms;
allow uncrypt cache_recovery_file:file create_file_perms;
# Read OTA zip file at /data/ota_package/.
allow uncrypt ota_package_file:dir r_dir_perms;
allow uncrypt ota_package_file:file r_file_perms;
# Write to /dev/socket/uncrypt
unix_socket_connect(uncrypt, uncrypt, uncrypt)

4
update_engine.te
View file

@ -30,3 +30,7 @@ allow update_engine update_engine_service:service_manager { add };
# Allow update_engine to call the callback function provided by priv_app.
binder_call(update_engine, priv_app)
# Read OTA zip file at /data/ota_package/.
allow update_engine ota_package_file:file r_file_perms;
allow update_engine ota_package_file:dir r_dir_perms;