5c6a227ebb
Copy the final system sepolicy from oc-dev to its prebuilt dir corresponding to its version (26.0) so that we can uprev policy and start maintaining compatibility files, as well as use it for CTS tests targeting future platforms. Bug: 37896931 Test: none, this just copies the old policy. Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
27 lines
799 B
Text
27 lines
799 B
Text
# android recovery persistent log manager
|
|
type recovery_persist, domain;
|
|
type recovery_persist_exec, exec_type, file_type;
|
|
|
|
allow recovery_persist pstorefs:dir search;
|
|
allow recovery_persist pstorefs:file r_file_perms;
|
|
|
|
allow recovery_persist recovery_data_file:file create_file_perms;
|
|
allow recovery_persist recovery_data_file:dir create_dir_perms;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### recovery_persist should NEVER do any of this
|
|
|
|
# Block device access.
|
|
neverallow recovery_persist dev_type:blk_file { read write };
|
|
|
|
# ptrace any other app
|
|
neverallow recovery_persist domain:process ptrace;
|
|
|
|
# Write to /system.
|
|
neverallow recovery_persist system_file:dir_file_class_set write;
|
|
|
|
# Write to files in /data/data
|
|
neverallow recovery_persist { app_data_file system_data_file }:dir_file_class_set write;
|
|
|