9f41fc081f
misctrl can set properties which can be injected into bugreports. Limit visibility of these properties so that no device code can branch based off these properties. Bug: 317262681 Test: bugreport Change-Id: I74f6f240b08b2681540bca262dcc76bcdca9cdad
17 lines
633 B
Text
17 lines
633 B
Text
# binary for generic misc partition management
|
|
type misctrl, domain, coredomain;
|
|
type misctrl_exec, system_file_type, exec_type, file_type;
|
|
|
|
init_daemon_domain(misctrl)
|
|
|
|
allow misctrl misc_block_device:blk_file rw_file_perms;
|
|
allow misctrl block_device:dir r_dir_perms;
|
|
read_fstab(misctrl)
|
|
|
|
set_prop(misctrl, misctrl_prop)
|
|
|
|
# bootloader_message tries to find the fstab in the device config path first,
|
|
# but because we've already booted up we can use the ro.boot properties instead,
|
|
# so we can just ignore the SELinux denial.
|
|
dontaudit misctrl sysfs_dt_firmware_android:dir search;
|
|
dontaudit misctrl vendor_property_type:file read;
|