Allow vendor_init to write to misc_block_device
Vendors may use this to write custom messages to their bootloader, and as the bootloader is under vendor control, this makes sense to allow. Bug: 77881566 Test: build Change-Id: I78f80400e5f386cad1327a9209ee1afc8e334e56
parent
224921d18a
commit
db465285cf
2 changed files with 4 additions and 0 deletions
|
@ -600,6 +600,7 @@ neverallow {
|
|||
-init
|
||||
-uncrypt
|
||||
-update_engine
|
||||
-vendor_init
|
||||
-vold
|
||||
-recovery
|
||||
-ueventd
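Review bot: The `-vendor_init` entry (presumably the line this commit adds; the page has lost its +/- markers) carries no rationale, so a later auditor of the exemption list cannot tell why a vendor-controlled domain is excluded from this neverallow. A trailing comment such as `-vendor_init # vendor bootloader messages, b/77881566` would record it next to the exemption. The neverallow's target type and permission set lie outside the hunk, so it is worth confirming that the rule being relaxed covers only the blk_file write access this commit needs.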
|
||||
|
|
|
@ -146,6 +146,9 @@ allow vendor_init serialno_prop:file { getattr open read };
|
|||
# Vendor init can perform operations on trusted and security Extended Attributes
|
||||
allow vendor_init self:global_capability_class_set sys_admin;
|
||||
|
||||
# Raw writes to misc block device
|
||||
allow vendor_init misc_block_device:blk_file w_file_perms;
|
||||
|
||||
not_compatible_property(`
|
||||
set_prop(vendor_init, {
|
||||
property_type
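Review bot: The comment `# Raw writes to misc block device` restates the rule instead of recording its scope. `w_file_perms` applies to the whole block device, and the domains exempted alongside vendor_init in the neverallow hunk (uncrypt, update_engine, vold, recovery) suggest the same partition carries the boot and recovery control data they write. SELinux cannot limit the grant to a vendor-owned region, so any vendor init script gains write access to that data as well. I would say so in the comment, e.g. `# Vendor bootloader messages live in misc. This grants write to the whole partition, including data used by recovery/OTA; vendor scripts must stay within the vendor region.` The description lists only `Test: build`, so nothing shown here exercises the write path.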
|
||||
|
|