85acf6ef70
neverallow rules with allowlist should look like:
neverallow { domain -allow1 -allow2 } ...
Bug: 181744894
Test: m selinux_policy
Test: pcregrep -M -r "neverallow\s+{(\s*#.*\s*)*\s+-" .
Change-Id: Ibab72ccc1fbacb99b62fe127b4122e1ac22b938a
31 lines
716 B
Text
31 lines
716 B
Text
typeattribute charger coredomain;
|
|
|
|
# charger needs to tell init to continue the boot
|
|
# process when running in charger mode.
|
|
set_prop(charger, system_prop)
|
|
set_prop(charger, exported_system_prop)
|
|
set_prop(charger, exported3_system_prop)
|
|
set_prop(charger, charger_status_prop)
|
|
|
|
get_prop(charger, charger_prop)
|
|
get_prop(charger, charger_config_prop)
|
|
|
|
# get minui properties
|
|
get_prop(charger, recovery_config_prop)
|
|
|
|
compatible_property_only(`
|
|
neverallow {
|
|
domain
|
|
-init
|
|
-dumpstate
|
|
-charger
|
|
} charger_prop:file no_rw_file_perms;
|
|
')
|
|
|
|
neverallow {
|
|
domain
|
|
-init
|
|
-dumpstate
|
|
-vendor_init
|
|
-charger
|
|
} { charger_config_prop charger_status_prop }:file no_rw_file_perms;
|