2e00e6373f
In order to support platform changes without simultaneous updates from non-platform components, the platform and non-platform policies must be split. In order to provide a guarantee that policy written for non-platform objects continues to provide the same access, all types exposed to non-platform policy are versioned by converting them and the policy using them into attributes. This change performs that split, the subsequent versioning and also generates a mapping file to glue the different policy components together. Test: Device boots and runs. Bug: 31369363 Change-Id: Ibfd3eb077bd9b8e2ff3b2e6a0ca87e44d78b1317
24 lines
758 B
Text
24 lines
758 B
Text
# android recovery refresh log manager
|
|
type recovery_refresh, domain;
|
|
type recovery_refresh_exec, exec_type, file_type;
|
|
|
|
allow recovery_refresh pstorefs:dir search;
|
|
allow recovery_refresh pstorefs:file r_file_perms;
|
|
# NB: domain inherits write_logd which hands us write to pmsg_device
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### recovery_refresh should NEVER do any of this
|
|
|
|
# Block device access.
|
|
neverallow recovery_refresh dev_type:blk_file { read write };
|
|
|
|
# ptrace any other app
|
|
neverallow recovery_refresh domain:process ptrace;
|
|
|
|
# Write to /system.
|
|
neverallow recovery_refresh system_file:dir_file_class_set write;
|
|
|
|
# Write to files in /data/data or system files on /data
|
|
neverallow recovery_refresh { app_data_file system_data_file }:dir_file_class_set write;
|