Merge "Adds a new prop context for choosing between multi-installed APEXes." am: 8e276eae6b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1869814 Change-Id: Idb0cbbe30faec914e9d894564733d50e213f77e0
This commit is contained in:
commit
d6746bd67a
4 changed files with 8 additions and 0 deletions
|
@ -155,6 +155,10 @@ get_prop(apexd, cold_boot_done_prop)
|
|||
# Allow apexd to read per-device configuration properties.
|
||||
get_prop(apexd, apexd_config_prop)
|
||||
|
||||
# Allow apexd to read apex selection properties.
|
||||
# These are used to choose between multi-installed APEXes at activation time.
|
||||
get_prop(apexd, apexd_select_prop)
|
||||
|
||||
neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
|
||||
neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
(typeattribute new_objects)
|
||||
(typeattributeset new_objects
|
||||
( new_objects
|
||||
apexd_select_prop
|
||||
artd_service
|
||||
attestation_verification_service
|
||||
camera2_extensions_prop
|
||||
|
|
|
@ -265,6 +265,8 @@ apexd. u:object_r:apexd_prop:s0
|
|||
apexd.config.dm_delete.timeout u:object_r:apexd_config_prop:s0 exact uint
|
||||
apexd.config.dm_create.timeout u:object_r:apexd_config_prop:s0 exact uint
|
||||
persist.apexd. u:object_r:apexd_prop:s0
|
||||
persist.vendor.apex. u:object_r:apexd_select_prop:s0
|
||||
ro.boot.vendor.apex. u:object_r:apexd_select_prop:s0
|
||||
|
||||
bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0
|
||||
|
||||
|
|
|
@ -115,6 +115,7 @@ compatible_property_only(`
|
|||
|
||||
# Properties which can be written only by vendor_init
|
||||
system_vendor_config_prop(apexd_config_prop)
|
||||
system_vendor_config_prop(apexd_select_prop)
|
||||
system_vendor_config_prop(aaudio_config_prop)
|
||||
system_vendor_config_prop(apk_verity_prop)
|
||||
system_vendor_config_prop(audio_config_prop)
|
||||
|
|
Loading…
Reference in a new issue