tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow dumpstate to read /data/system/shutdown-checkpoints/" am: 863cedfae6

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2422419

Change-Id: I8c47edbc31e2bf7bf0142ed0cb63af32385c6160
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot 2023-02-22 11:44:51 +00:00 committed by Automerger Merge Worker
commit c82b062d97
5 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/33.0/33.0.ignore.cil
View file

@ -53,6 +53,7 @@
remote_provisioning_service
rkpdapp
servicemanager_prop
shutdown_checkpoints_system_data_file
stats_config_data_file
system_net_netd_service
timezone_metadata_prop

3
private/file_contexts
View file

@ -783,6 +783,9 @@
# User icon files
/data/system/users/[0-9]+/photo\.png u:object_r:icon_file:s0
# Shutdown-checkpoints files
/data/system/shutdown-checkpoints(/.*)? u:object_r:shutdown_checkpoints_system_data_file:s0
# vold per-user data
/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0

4
private/system_server.te
View file

@ -1490,6 +1490,10 @@ neverallow { domain -system_server -init }
allow system_server self:perf_event { open write cpu kernel };
neverallow system_server self:perf_event ~{ open write cpu kernel };
# Allow writing files under /data/system/shutdown-checkpoints/
allow system_server shutdown_checkpoints_system_data_file:dir create_dir_perms;
allow system_server shutdown_checkpoints_system_data_file:file create_file_perms;
# Do not allow any domain other than init or system server to set the property
neverallow { domain -init -system_server } socket_hook_prop:property_service set;

4
public/dumpstate.te
View file

@ -368,6 +368,10 @@ allow dumpstate binderfs_logs_proc:file r_file_perms;
use_apex_info(dumpstate)
# Allow reading files under /data/system/shutdown-checkpoints/
allow dumpstate shutdown_checkpoints_system_data_file:dir r_dir_perms;
allow dumpstate shutdown_checkpoints_system_data_file:file r_file_perms;
###
### neverallow rules
###

2
public/file.te
View file

@ -380,6 +380,8 @@ type server_configurable_flags_data_file, file_type, data_file_type, core_data_f
type staging_data_file, file_type, data_file_type, core_data_file_type;
# /vendor/apex
type vendor_apex_file, vendor_file_type, file_type;
# /data/system/shutdown-checkpoints
type shutdown_checkpoints_system_data_file, file_type, data_file_type, core_data_file_type;
# Mount locations managed by vold
type mnt_media_rw_file, file_type;