platform_system_sepolicy/boot_control_hal.te
Alex Deymo 7b8413db1a Move boot_control HAL permissions to an attribute.
The boot_control HAL is library loaded by our daemons (like
update_engine and update_verifier) that interacts with the bootloader.
The actual implementation of this library is provided by the vendor and
its runtime permissions are tied to this implementation which varies a
lot based on how the bootloader and the partitions it uses are
structured.

This patch moves these permissions to an attribute so the attribute can
be expanded on each device without the need to repeat that on each one
of our daemons using the boot_control HAL.

Bug: 27107517

(cherry picked from commit 0f8d926153)

Change-Id: Icb2653cb89812c0de81381ef48280e4ad1e9535c
2016-04-22 16:45:23 -07:00

2 lines
130 B
Text

# Allow read/write bootctrl block device, if one is defined.
allow boot_control_hal bootctrl_block_device:blk_file rw_file_perms;