tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/prebuilts/api/30.0
History
P.Adarsh Reddy 916bd874d6 Uncrypt: Allow uncrypt to write on ota_package_file. 
This adds sepolicy rule to allow uncrypt module to write
on OTA zip (for f2fs_pin_file functionality).

Also, add a few dontaudit rules to suppress harmless denials.

Denials:
I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0

I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 158070965
Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6
2020-07-07 00:03:11 +00:00
..
private Allow system server to communicate with GPU service. 2020-06-17 17:21:23 -07:00
public Uncrypt: Allow uncrypt to write on ota_package_file. 2020-07-07 00:03:11 +00:00
plat_pub_versioned.cil Add 30.0 mapping files 2020-05-11 04:32:00 +00:00
vendor_sepolicy.cil Add 30.0 mapping files 2020-05-11 04:32:00 +00:00