tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "selinux rules for loading incremental module" am: 3cf7d1b5ee am: 8c020eec71 am: 0c789cc584

Browse source 
Change-Id: Ifdd7e864f7d9fee65aac576272a1fedb8ee88e71
This commit is contained in:
Automerger Merge Worker 2020-02-07 20:14:44 +00:00
commit d951bab082
5 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/29.0/29.0.ignore.cil
View file

@ -89,6 +89,7 @@
vehicle_hal_prop vehicle_hal_prop
vendor_apex_file vendor_apex_file
vendor_boringssl_self_test vendor_boringssl_self_test
vendor_incremental_module
vendor_install_recovery vendor_install_recovery
vendor_install_recovery_exec vendor_install_recovery_exec
virtual_ab_prop)) virtual_ab_prop))

1
private/file_contexts
View file

@ -372,6 +372,7 @@
/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0 /(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0 /(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0 /(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
(/vendor|system/vendor)/lib(64)?/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
# HAL location # HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0 /(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0

1
public/domain.te
View file

@ -1004,6 +1004,7 @@ full_treble_only(`
-vendor_overlay_file -vendor_overlay_file
-vendor_public_lib_file -vendor_public_lib_file
-vendor_task_profiles_file -vendor_task_profiles_file
-vendor_incremental_module
-vndk_sp_file -vndk_sp_file
}:file *; }:file *;
') ')

2
public/file.te
View file

@ -210,6 +210,8 @@ type vendor_overlay_file, vendor_file_type, file_type;
# Type for all vendor public libraries. These libs should only be exposed to # Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility. # apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type; type vendor_public_lib_file, vendor_file_type, file_type;
# Default type for incremental file system driver
type vendor_incremental_module, vendor_file_type, file_type;
# Input configuration # Input configuration
type vendor_keylayout_file, vendor_file_type, file_type; type vendor_keylayout_file, vendor_file_type, file_type;

5
public/vold.te
View file

@ -52,6 +52,11 @@ allowxperm vold data_file_type:dir ioctl {
FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY
}; };
# Allow to load incremental file system driver
allow vold self:capability sys_module;
allow vold vendor_incremental_module:file r_file_perms;
allow vold vendor_incremental_module:system module_load;
# Only vold and init should ever set file-based encryption policies. # Only vold and init should ever set file-based encryption policies.
neverallowxperm { neverallowxperm {
domain domain