platform_system_sepolicy/boot_control_hal.te
Alex Deymo 0f8d926153 Move boot_control HAL permissions to an attribute.
The boot_control HAL is library loaded by our daemons (like
update_engine and update_verifier) that interacts with the bootloader.
The actual implementation of this library is provided by the vendor and
its runtime permissions are tied to this implementation which varies a
lot based on how the bootloader and the partitions it uses are
structured.

This patch moves these permissions to an attribute so the attribute can
be expanded on each device without the need to repeat that on each one
of our daemons using the boot_control HAL.

Bug: 27107517
Change-Id: Idfe6a208720b49802b03f70fee4a3e73030dae2e
2016-04-22 14:05:56 -07:00

2 lines
130 B
Text

# Allow read/write bootctrl block device, if one is defined.
allow boot_control_hal bootctrl_block_device:blk_file rw_file_perms;