tequilaOS/platform_system_sepolicy

Fork 0

Commit graph

Author	SHA1	Message	Date
P.Adarsh Reddy	916bd874d6	Uncrypt: Allow uncrypt to write on ota_package_file. This adds sepolicy rule to allow uncrypt module to write on OTA zip (for f2fs_pin_file functionality). Also, add a few dontaudit rules to suppress harmless denials. Denials: I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0 I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0 Bug: 158070965 Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6	2020-07-07 00:03:11 +00:00
Alan Stokes	075bb7c84e	DO NOT MERGE Update prebuilts/api/30.0. Bug: 157723850 Test: Builds Change-Id: Id774d00099317cb4d5b69751e74c6d4fcaf5c5d6	2020-06-09 16:35:15 +01:00
Inseob Kim	5131ff6544	DO NOT MERGE Add fake 30.0 prebuilts This prebuilt is based on the AOSP policy, but slightly manipulated so that the set of types and attributes are identical with R policy. Following types are removed. boot_status_prop dalvik_config_prop gnss_device surfaceflinger_color_prop surfaceflinger_prop systemsound_config_prop vold_config_prop vold_status_prop Following type is renamed. wificond_service -> wifinl80211_service Bug: 153661471 Test: N/A Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29	2020-05-11 13:18:52 +09:00

Author

SHA1

Message

Date

P.Adarsh Reddy

916bd874d6

Uncrypt: Allow uncrypt to write on ota_package_file.

This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).

Also, add a few dontaudit rules to suppress harmless denials.

Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0

I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 158070965
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6

2020-07-07 00:03:11 +00:00

Alan Stokes

075bb7c84e

DO NOT MERGE Update prebuilts/api/30.0.

Bug: 157723850
Test: Builds
Change-Id: Id774d00099317cb4d5b69751e74c6d4fcaf5c5d6

2020-06-09 16:35:15 +01:00

Inseob Kim

5131ff6544

DO NOT MERGE Add fake 30.0 prebuilts

This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.

Following types are removed.

boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop

Following type is renamed.

wificond_service -> wifinl80211_service

Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29

2020-05-11 13:18:52 +09:00

3 commits