0f8d926153
The boot_control HAL is library loaded by our daemons (like update_engine and update_verifier) that interacts with the bootloader. The actual implementation of this library is provided by the vendor and its runtime permissions are tied to this implementation which varies a lot based on how the bootloader and the partitions it uses are structured. This patch moves these permissions to an attribute so the attribute can be expanded on each device without the need to repeat that on each one of our daemons using the boot_control HAL. Bug: 27107517 Change-Id: Idfe6a208720b49802b03f70fee4a3e73030dae2e
8 lines
270 B
Text
8 lines
270 B
Text
# update_verifier
|
|
# update_verifier uses the boot_control_hal.
|
|
type update_verifier, domain, boot_control_hal;
|
|
type update_verifier_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(update_verifier)
|
|
|
|
# TODO: Add rules to allow update_verifier to read system_block_device.
|