tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/prebuilts/api/30.0/private/installd.te
Inseob Kim 5131ff6544 DO NOT MERGE Add fake 30.0 prebuilts 
This prebuilt is based on the AOSP policy, but slightly manipulated so
that the set of types and attributes are identical with R policy.

Following types are removed.

boot_status_prop
dalvik_config_prop
gnss_device
surfaceflinger_color_prop
surfaceflinger_prop
systemsound_config_prop
vold_config_prop
vold_status_prop

Following type is renamed.

wificond_service -> wifinl80211_service

Bug: 153661471
Test: N/A
Change-Id: I018d5e43f53c2bf721db1d13f5f4be42b9782b29
2020-05-11 13:18:52 +09:00

45 lines
1.5 KiB
Text
Raw Blame History

typeattribute installd coredomain;
init_daemon_domain(installd)
# Run migrate_legacy_obb_data.sh in its own sandbox.
domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data)
allow installd shell_exec:file rx_file_perms;
# Run dex2oat in its own sandbox.
domain_auto_trans(installd, dex2oat_exec, dex2oat)
# Run dexoptanalyzer in its own sandbox.
domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer)
# Run viewcompiler in its own sandbox.
domain_auto_trans(installd, viewcompiler_exec, viewcompiler)
# Run profman in its own sandbox.
domain_auto_trans(installd, profman_exec, profman)
# Run idmap in its own sandbox.
domain_auto_trans(installd, idmap_exec, idmap)
# For collecting bugreports.
allow installd dumpstate:fd use;
allow installd dumpstate:fifo_file r_file_perms;
# Delete /system/bin/bcc generated artifacts
allow installd app_exec_data_file:file unlink;
# Capture userdata snapshots to /data/misc_[ce|de]/rollback and
# subsequently restore them.
allow installd rollback_data_file:dir create_dir_perms;
allow installd rollback_data_file:file create_file_perms;
# Allow installd to access the runtime feature flag properties.
get_prop(installd, device_config_runtime_native_prop)
get_prop(installd, device_config_runtime_native_boot_prop)
# Allow installd to access apk verity feature flag (for legacy case).
get_prop(installd, apk_verity_prop)
# Allow installd to delete files in /data/staging
allow installd staging_data_file:file unlink;
allow installd staging_data_file:dir { open read remove_name rmdir search write };
Reference in a new issue View git blame Copy permalink