vold_prepare_subdirs sets policy in vold-created dirs.
am: 5b962cfd7b
Change-Id: I8adf367d7b432da57dbae1d7723ea59884af4a7d
commit
ea8e21ee7f
5 changed files with 27 additions and 1 deletions
|
@ -33,6 +33,8 @@
|
|||
thermalserviced_tmpfs
|
||||
timezone_service
|
||||
tombstoned_java_trace_socket
|
||||
vold_prepare_subdirs
|
||||
vold_prepare_subdirs_exec
|
||||
vold_service
|
||||
wpantund
|
||||
wpantund_exec
|
||||
|
|
|
@ -273,6 +273,7 @@
|
|||
/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
|
||||
/system/bin/vr_hwc u:object_r:vr_hwc_exec:s0
|
||||
/system/bin/adbd u:object_r:adbd_exec:s0
|
||||
/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0
|
||||
|
||||
#############################
|
||||
# Vendor files
|
||||
|
@ -433,6 +434,10 @@
|
|||
# User icon files
|
||||
/data/system/users/[0-9]+/photo.png u:object_r:icon_file:s0
|
||||
|
||||
# vold per-user data
|
||||
/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
|
||||
/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
|
||||
|
||||
#############################
|
||||
# efs files
|
||||
#
|
||||
|
|
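--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -0,0 +1 @@
+domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)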
@ -201,7 +201,7 @@ allow vold misc_block_device:blk_file w_file_perms;
|
|||
|
||||
neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
|
||||
neverallow { domain -vold -kernel } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
|
||||
neverallow { domain -vold -init } vold_data_file:dir *;
|
||||
neverallow { domain -vold -init -vold_prepare_subdirs } vold_data_file:dir *;
|
||||
neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
|
||||
neverallow { domain -vold -init } restorecon_prop:property_service set;
|
||||
|
||||
|
|
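Review bot: The relaxed rule `neverallow { domain -vold -init -vold_prepare_subdirs } vold_data_file:dir *;` exempts the new domain from every dir permission, while public/vold_prepare_subdirs.te in this commit grants it only `{ create getattr setattr }`. The first neverallow in this hunk still caps non-vold domains at its listed set, but that set also includes open, read, search, relabelto and ioctl, so a later allow rule could widen the helper's access without a build failure. Adding `neverallow vold_prepare_subdirs vold_data_file:dir ~{ create getattr setattr };` next to it would keep the exemption as narrow as the grant. Which of the two `vold_data_file:dir *` lines is the old one is inferred from the 7-to-7 hunk counts, since the page lost its +/- markers.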
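--- a/public/vold_prepare_subdirs.te
+++ b/public/vold_prepare_subdirs.te
@@ -0,0 +1,18 @@
+# SELinux directory creation and labelling for vold-managed directories
+
+type vold_prepare_subdirs, domain;
+type vold_prepare_subdirs_exec, exec_type, file_type;
+
+typeattribute vold_prepare_subdirs coredomain;
+
+allow vold_prepare_subdirs system_file:file execute_no_trans;
+allow vold_prepare_subdirs shell_exec:file rx_file_perms;
+allow vold_prepare_subdirs toolbox_exec:file rx_file_perms;
+allow vold_prepare_subdirs devpts:chr_file { ioctl read write };
+allow vold_prepare_subdirs vold:fd use;
+allow vold_prepare_subdirs vold:fifo_file { read write };
+allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
+allow vold_prepare_subdirs self:capability dac_override;
+allow vold_prepare_subdirs self:process setfscreate;
+allow vold_prepare_subdirs system_data_file:dir { add_name write };
+allow vold_prepare_subdirs vold_data_file:dir { create getattr setattr };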
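Review bot: `allow vold_prepare_subdirs self:capability dac_override;` combined with `system_data_file:dir { add_name write }` reaches further than the two per-user parents this commit labels. The rule is keyed on the type, not on /data/misc_de/<user> or /data/misc_ce/<user>, and system_data_file is (as far as I know) the default label for much of /data, so the helper can add entries in any such directory regardless of DAC ownership. The same domain may also execute the shell and toolbox, which makes the helper's own input handling part of the trust boundary. None of the allow rules say why they are needed; at minimum I would add a comment above the capability line, e.g. `# dac_override: parent per-user dirs are not writable by this uid (confirm)`, and check whether fixing ownership of the parents lets it be dropped. Unless vendor policy has to reference these rules, keeping only the type declarations in public/ and moving the allow rules to private/ would keep them out of the exported policy.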