55e5c9b513
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
11 lines
682 B
Text
11 lines
682 B
Text
# The flags_health_check command run by init.
|
|
type flags_health_check, domain, coredomain;
|
|
type flags_health_check_exec, system_file_type, exec_type, file_type;
|
|
|
|
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
|
|
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
|
|
|
|
# server_configurable_flags_data_file is used for storing whether server configurable flags which
|
|
# have been reset during current booting. Mistakenly modified by unrelated components can
|
|
# cause bad server configurable flags synced back to device.
|
|
neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
|