Merge "Allow system app and update_engine to read OTA from /vendor" into main
This commit is contained in:
commit
c9b15f596b
7 changed files with 17 additions and 1 deletions
|
@ -539,6 +539,8 @@
|
|||
/vendor/priv-app/test vendor_app_file
|
||||
/system/vendor/priv-app vendor_app_file
|
||||
/system/vendor/priv-app/test vendor_app_file
|
||||
/vendor/boot_otas/ vendor_boot_ota_file
|
||||
/vendor/boot_otas/test vendor_boot_ota_file
|
||||
/vendor/overlay vendor_overlay_file
|
||||
/vendor/overlay/test vendor_overlay_file
|
||||
/system/vendor/overlay vendor_overlay_file
|
||||
|
|
|
@ -2682,7 +2682,7 @@
|
|||
(typeattributeset vendor_configs_file_202404 (vendor_configs_file))
|
||||
(typeattributeset vendor_data_file_202404 (vendor_data_file))
|
||||
(typeattributeset vendor_default_prop_202404 (vendor_default_prop))
|
||||
(typeattributeset vendor_file_202404 (vendor_file))
|
||||
(typeattributeset vendor_file_202404 (vendor_file vendor_boot_ota_file))
|
||||
(typeattributeset vendor_framework_file_202404 (vendor_framework_file))
|
||||
(typeattributeset vendor_hal_file_202404 (vendor_hal_file))
|
||||
(typeattributeset vendor_idc_file_202404 (vendor_idc_file))
|
||||
|
|
|
@ -2036,6 +2036,7 @@ full_treble_only(`
|
|||
-vendor_app_file
|
||||
-vendor_apex_file
|
||||
-vendor_apex_metadata_file
|
||||
-vendor_boot_ota_file
|
||||
-vendor_configs_file
|
||||
-vendor_microdroid_file
|
||||
-vendor_service_contexts_file
|
||||
|
|
|
@ -437,6 +437,8 @@
|
|||
|
||||
/(vendor|system/vendor)/etc/aconfig(/.*)? u:object_r:vendor_aconfig_storage_file:s0
|
||||
|
||||
/vendor/boot_otas(/.*)? u:object_r:vendor_boot_ota_file:s0
|
||||
|
||||
# HAL location
|
||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||
|
||||
|
|
|
@ -196,3 +196,6 @@ neverallow system_app shell_data_file:file { open read ioctl lock };
|
|||
neverallow { domain -init -system_app } adaptive_haptics_prop:property_service set;
|
||||
# system_app should be the only domain writing the force l3 prop
|
||||
neverallow { domain -init -system_app } drm_forcel3_prop:property_service set;
|
||||
|
||||
allow system_app vendor_boot_ota_file:dir { r_dir_perms };
|
||||
allow system_app vendor_boot_ota_file:file { r_file_perms };
|
||||
|
|
|
@ -115,3 +115,6 @@ allow update_engine snapshotctl_log_data_file:file create_file_perms;
|
|||
# Allow determining filesystems available on system.
|
||||
# Needed for checking if overlayfs is enabled
|
||||
allow update_engine proc_filesystems:file r_file_perms;
|
||||
|
||||
allow update_engine vendor_boot_ota_file:dir { r_dir_perms };
|
||||
allow update_engine vendor_boot_ota_file:file { r_file_perms };
|
||||
|
|
|
@ -280,6 +280,11 @@ type vendor_public_framework_file, vendor_file_type, file_type;
|
|||
# Files having this type should be read-only.
|
||||
type vendor_microdroid_file, vendor_file_type, file_type;
|
||||
|
||||
starting_at_board_api(202504, `
|
||||
# boot otas for 16KB developer option
|
||||
type vendor_boot_ota_file, vendor_file_type, file_type;
|
||||
')
|
||||
|
||||
# Input configuration
|
||||
type vendor_keylayout_file, vendor_file_type, file_type;
|
||||
type vendor_keychars_file, vendor_file_type, file_type;
|
||||
|
|
Loading…
Reference in a new issue