Adding more permission for selinux to some attributes and flags

Test: atest installd/StorageHostTest
Test: atest installd/installd_service_test.cpp
Change-Id: I7a2d4055b7e4050394304a92279c595d2153da23
Shikha Malhotra 2021-12-29 16:29:18 +00:00
parent 2f2ff42a24
commit ddfb8a99cc


@ -115,6 +115,15 @@ allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlin
allow installd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
allow installd app_data_file_type:notdevfile_class_set { create_file_perms relabelfrom relabelto };
# Allow setting extended attributes (for project quota IDs) on dirs
# and to enable project ID inheritance through FS_IOC_SETFLAGS
allowxperm installd { app_data_file_type system_data_file }:{ dir file } ioctl {
FS_IOC_FSGETXATTR
FS_IOC_FSSETXATTR
FS_IOC_GETFLAGS
FS_IOC_SETFLAGS
};
# Similar for the files under /data/misc/profiles/
allow installd user_profile_root_file:dir { create_dir_perms relabelfrom };
allow installd user_profile_data_file:dir { create_dir_perms relabelto };
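Review bot: The comment above the `allowxperm` rule says the ioctls are for dirs, but the rule's class set is `{ dir file }` across every `app_data_file_type` plus `system_data_file`, so it understates what is granted; either narrow the class to `dir` or reword it to `# Allow setting extended attributes (for project quota IDs) on files and dirs`. `FS_IOC_SETFLAGS` cannot be limited to a single flag by policy, so on these types installd may change any inode flag the kernel otherwise permits, not only project-ID inheritance, and the comment should say so. `allowxperm` only filters commands for a class that already holds the `ioctl` permission, and the `system_data_file` allow rule in the hunk header is truncated, so confirm `ioctl` is granted there or the rule has no effect for those files. The +/- markers are lost on this page, so this assumes the lines from the comment through `};` are the added ones.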