55e5c9b513
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
25 lines
688 B
Text
25 lines
688 B
Text
typeattribute fastbootd coredomain;
|
|
|
|
# The allow rules are only included in the recovery policy.
|
|
# Otherwise fastbootd is only allowed the domain rules.
|
|
recovery_only(`
|
|
# Reboot the device
|
|
set_prop(fastbootd, powerctl_prop)
|
|
|
|
# Read serial number of the device from system properties
|
|
get_prop(fastbootd, serialno_prop)
|
|
|
|
# Set sys.usb.ffs.ready.
|
|
set_prop(fastbootd, ffs_prop)
|
|
set_prop(fastbootd, exported_ffs_prop)
|
|
|
|
userdebug_or_eng(`
|
|
get_prop(fastbootd, persistent_properties_ready_prop)
|
|
')
|
|
|
|
set_prop(fastbootd, gsid_prop)
|
|
|
|
# Determine allocation scheme (whether B partitions needs to be
|
|
# at the second half of super.
|
|
get_prop(fastbootd, virtual_ab_prop)
|
|
')
|