tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "allow system server to search into /metadata/aconfig dir" into main

Browse source
This commit is contained in:
Dennis Shen 2024-03-13 13:10:01 +00:00 committed by Gerrit Code Review
commit f879f74d60
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/domain.te
View file

@ -813,5 +813,5 @@ neverallow { domain -init } kcmdlinectrl:process { dyntransition transition };
neverallow { domain -gmscore_app -init -vold_prepare_subdirs } checkin_data_file:{dir file} *;
# Do not allow write access to aconfig flag value files except init and aconfigd
neverallow { domain -init -aconfigd } aconfig_storage_metadata_file:dir *;
neverallow { domain -init -aconfigd } aconfig_storage_metadata_file:file no_w_file_perms;
neverallow { domain -init -aconfigd -system_server } aconfig_storage_metadata_file:dir *;
neverallow { domain -init -aconfigd -system_server } aconfig_storage_metadata_file:file no_w_file_perms;

1
private/system_server.te
View file

@ -1470,6 +1470,7 @@ allow system_server watchdog_metadata_file:file create_file_perms;
allow system_server aconfig_storage_flags_metadata_file:dir rw_dir_perms;
allow system_server aconfig_storage_flags_metadata_file:file create_file_perms;
allow system_server aconfig_storage_metadata_file:dir search;
allow system_server repair_mode_metadata_file:dir rw_dir_perms;
allow system_server repair_mode_metadata_file:file create_file_perms;