platform_system_sepolicy/public/vendor_misc_writer.te
Tao Bao 42c05cfcc1 Add vendor_misc_writer.
The space between 2K and 16K in /misc is currently reserved for vendor's
use (as claimed in bootloader_message.h), but we don't allow vendor
module to access misc_block_device other than vendor_init.

The change in the topic adds a `misc_writer` tool as a vendor module,
which allows writing data to the vendor space to bridge the gap in the
short term. This CL adds matching labels to grant access.

Long term goal is to move /misc as vendor owned, then to provide HAL
access from core domain (b/132906936).

Bug: 132906936
Test: Build crosshatch that includes misc_writer module. Invoke
      /vendor/bin/misc_writer to write data to /misc.
Change-Id: I4c18d78171a839ae5497b3a61800193ef9e51b3b
2019-05-20 14:40:15 -07:00

11 lines
452 B
Text

# vendor_misc_writer
type vendor_misc_writer, domain;
type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;
# Raw writes to misc_block_device
allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
allow vendor_misc_writer block_device:dir r_dir_perms;
# Silence the denial when calling libfstab's ReadDefaultFstab.
dontaudit vendor_misc_writer proc_cmdline:file read;
dontaudit vendor_misc_writer metadata_file:dir search;