Merge "sepolicy: label vendor_service_contexts as vendor_service_contexts_file" into rvc-dev am: b992eb34e6
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/11907832 Change-Id: I117f33f49959fe562df99eee1cb8d682c21bf245
This commit is contained in:
TreeHugger Robot
Automerger Merge Worker
commit
f87b1ccb70
11 changed files with 23 additions and 2 deletions
|
|
@ -346,6 +346,7 @@ LOCAL_REQUIRED_MODULES += \
|
|||
vendor_property_contexts \
|
||||
vendor_property_contexts_test \
|
||||
vendor_seapp_contexts \
|
||||
vendor_service_contexts \
|
||||
vendor_hwservice_contexts \
|
||||
vendor_hwservice_contexts_test \
|
||||
vndservice_contexts \
|
||||
|
|
|
|||
|
|
@ -123,6 +123,7 @@
|
|||
vendor_boringssl_self_test
|
||||
vendor_install_recovery
|
||||
vendor_install_recovery_exec
|
||||
vendor_service_contexts_file
|
||||
vendor_socket_hook_prop
|
||||
vendor_socket_hook_prop
|
||||
virtual_ab_prop))
|
||||
|
|
|
|||
|
|
@ -378,7 +378,9 @@
|
|||
# HAL location
|
||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||
|
||||
/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0
|
||||
/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
|
||||
|
||||
/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
|
||||
|
||||
|
|
|
|||
|
|
@ -1005,6 +1005,7 @@ full_treble_only(`
|
|||
-vendor_app_file
|
||||
-vendor_apex_file
|
||||
-vendor_configs_file
|
||||
-vendor_service_contexts_file
|
||||
-vendor_framework_file
|
||||
-vendor_idc_file
|
||||
-vendor_keychars_file
|
||||
|
|
|
|||
|
|
@ -507,6 +507,9 @@ type sepolicy_file, system_file_type, file_type;
|
|||
# service_contexts file
|
||||
type service_contexts_file, system_file_type, file_type;
|
||||
|
||||
# vendor service_contexts file
|
||||
type vendor_service_contexts_file, vendor_file_type, file_type;
|
||||
|
||||
# nonplat service_contexts file (only accessible on non full-treble devices)
|
||||
type nonplat_service_contexts_file, vendor_file_type, file_type;
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,9 @@ allow servicemanager {
|
|||
}:binder transfer;
|
||||
|
||||
allow servicemanager service_contexts_file:file r_file_perms;
|
||||
|
||||
allow servicemanager vendor_service_contexts_file:file r_file_perms;
|
||||
|
||||
# nonplat_service_contexts only accessible on non full-treble devices
|
||||
not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
|
||||
|
||||
|
|
|
|||
|
|
@ -123,6 +123,7 @@
|
|||
vendor_boringssl_self_test
|
||||
vendor_install_recovery
|
||||
vendor_install_recovery_exec
|
||||
vendor_service_contexts_file
|
||||
vendor_socket_hook_prop
|
||||
vendor_socket_hook_prop
|
||||
virtual_ab_prop))
|
||||
|
|
|
|||
|
|
@ -378,7 +378,9 @@
|
|||
# HAL location
|
||||
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
|
||||
|
||||
/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0
|
||||
/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
|
||||
|
||||
/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
|
||||
|
||||
|
|
|
|||
|
|
@ -1005,6 +1005,7 @@ full_treble_only(`
|
|||
-vendor_app_file
|
||||
-vendor_apex_file
|
||||
-vendor_configs_file
|
||||
-vendor_service_contexts_file
|
||||
-vendor_framework_file
|
||||
-vendor_idc_file
|
||||
-vendor_keychars_file
|
||||
|
|
|
|||
|
|
@ -507,6 +507,9 @@ type sepolicy_file, system_file_type, file_type;
|
|||
# service_contexts file
|
||||
type service_contexts_file, system_file_type, file_type;
|
||||
|
||||
# vendor service_contexts file
|
||||
type vendor_service_contexts_file, vendor_file_type, file_type;
|
||||
|
||||
# nonplat service_contexts file (only accessible on non full-treble devices)
|
||||
type nonplat_service_contexts_file, vendor_file_type, file_type;
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,9 @@ allow servicemanager {
|
|||
}:binder transfer;
|
||||
|
||||
allow servicemanager service_contexts_file:file r_file_perms;
|
||||
|
||||
allow servicemanager vendor_service_contexts_file:file r_file_perms;
|
||||
|
||||
# nonplat_service_contexts only accessible on non full-treble devices
|
||||
not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue