author | Baocheng Sun <baocheng.sun@amlogic.com> | 2017-09-05 08:54:05 (GMT) |
---|---|---|
committer | Baocheng Sun <baocheng.sun@amlogic.com> | 2017-09-21 07:25:58 (GMT) |
commit | 06ed4de664faae8b2765c4b334db26eb8a8fac5b (patch) | |
tree | 5f19553315afbb1810114a68d23652e194ff108b | |
parent | 1826574311f5422eb9239313d77f68f03b3c53dd (diff) | |
sepolicy: update vold related sepolicy [2/4]
PD#147260
update vold related sepolicy
Change-Id: If642fdc76e4aa69ef0153ccd1d88f019214b2236
-rw-r--r-- | common/products/mbox/product_mbox.mk | 4 | ||||
-rw-r--r-- | common/products/tv/product_tv.mk | 3 | ||||
-rw-r--r-- | common/sepolicy/blkid_untrusted.te | 2 | ||||
-rw-r--r-- | common/sepolicy/file_contexts | 2 | ||||
-rw-r--r-- | common/sepolicy/fsck_untrusted.te | 2 | ||||
-rw-r--r-- | common/sepolicy/kernel.te | 2 | ||||
-rw-r--r-- | common/sepolicy/sdcardd.te | 6 | ||||
-rw-r--r-- | common/sepolicy/sgdisk.te | 1 | ||||
-rw-r--r-- | common/sepolicy/system_server.te | 3 | ||||
-rw-r--r-- | common/sepolicy/vold.te | 4 |
10 files changed, 27 insertions, 2 deletions
diff --git a/common/products/mbox/product_mbox.mk b/common/products/mbox/product_mbox.mk
index de66ae3..0b2614e 100644
--- a/common/products/mbox/product_mbox.mk
+++ b/common/products/mbox/product_mbox.mk
@@ -27,7 +27,9 @@ PRODUCT_PACKAGES += \
 MboxLauncher
 endif
-
+#droid vold
+PRODUCT_PACKAGES += \
+ droidvold
 # Camera Hal
 PRODUCT_PACKAGES += \
diff --git a/common/products/tv/product_tv.mk b/common/products/tv/product_tv.mk
index 88b15e7..fa63ecb 100644
--- a/common/products/tv/product_tv.mk
+++ b/common/products/tv/product_tv.mk
@@ -59,6 +59,9 @@ PRODUCT_PACKAGES += \
 MboxLauncher
 endif
+#droid vold
+PRODUCT_PACKAGES += \
+ droidvold
 # Camera Hal
 PRODUCT_PACKAGES += \
diff --git a/common/sepolicy/blkid_untrusted.te b/common/sepolicy/blkid_untrusted.te
index 4f59927..5b9318e 100644
--- a/common/sepolicy/blkid_untrusted.te
+++ b/common/sepolicy/blkid_untrusted.te
@@ -1,2 +1,4 @@
 # blkid for untrusted block devices
 allow blkid_untrusted vold_block_device:blk_file { getattr read open ioctl };
+allow blkid_untrusted sda_block_device:blk_file { r_file_perms getattr };
+allow blkid_untrusted vold:unix_stream_socket { read write };
diff --git a/common/sepolicy/file_contexts b/common/sepolicy/file_contexts
index b75fc37..ec2b5e0 100644
--- a/common/sepolicy/file_contexts
+++ b/common/sepolicy/file_contexts
@@ -45,6 +45,7 @@
 /dev/block/mmcblk[0-9] u:object_r:sda_block_device:s0
 /dev/block/mmcblk[0-9]p(.*) u:object_r:sda_block_device:s0
 /dev/block/mmcblk[0-9]rpmb u:object_r:sda_block_device:s0
+/dev/block/droidvold/.+ u:object_r:vold_device:s0
 /dev/bootloader u:object_r:bootloader_device:s0
 /dev/btusb0 u:object_r:hci_attach_dev:s0
@@ -121,6 +122,7 @@
 /vendor/bin/usbtestpm u:object_r:usbpm_exec:s0
 /vendor/bin/wlan_fwloader u:object_r:wlan_fwloader_exec:s0
 /vendor/xbin/bcmdl u:object_r:bcmdl_exec:s0
+/vendor/bin/droidvold u:object_r:vold_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service.droidlogic u:object_r:hal_dumpstate_default_exec:s0
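Review bot: The new `allow blkid_untrusted sda_block_device:blk_file { r_file_perms getattr };` lets the domain this file describes as "blkid for untrusted block devices" read every node labelled `sda_block_device`, and the context lines of the file_contexts hunk in this commit put `/dev/block/mmcblk[0-9]`, its partitions and `rpmb` under that label. That pattern appears to cover internal storage as well as removable cards, so the restriction implied by the header comment no longer holds. The same label is opened for writing in fsck_untrusted.te (`create getattr read write open ioctl`) and in the first vold.te hunk (`rw_file_perms`); `create` on a block node is not something an fsck helper should need. Consider giving the removable-card nodes a separate type and granting the untrusted domains access to that type only. `getattr` is already part of `r_file_perms` and can be dropped from the set.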
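Review bot: Labelling `/vendor/bin/droidvold` as `vold_exec` in the second file_contexts hunk reuses the platform vold entry-point type for a vendor binary, so droidvold presumably transitions into the `vold` domain and inherits everything that domain is allowed. It also means each rule this commit adds in vold.te widens the platform vold, not only the vendor daemon. A dedicated pair such as `droidvold` / `droidvold_exec` (names are a suggestion) carrying only the rules the daemon needs would keep the two apart and make the vendor additions easier to audit.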
diff --git a/common/sepolicy/fsck_untrusted.te b/common/sepolicy/fsck_untrusted.te
index 2a9adea..3eda53a 100644
--- a/common/sepolicy/fsck_untrusted.te
+++ b/common/sepolicy/fsck_untrusted.te
@@ -1 +1,3 @@
 allow fsck_untrusted vold_block_device:blk_file { getattr read write open ioctl };
+allow fsck_untrusted sda_block_device:blk_file { create getattr read write open ioctl };
+allow fsck_untrusted vold:unix_stream_socket { read write };
diff --git a/common/sepolicy/kernel.te b/common/sepolicy/kernel.te
index 20c71ee..0856d03 100644
--- a/common/sepolicy/kernel.te
+++ b/common/sepolicy/kernel.te
@@ -1,4 +1,4 @@
 allow kernel self:capability mknod;
 allow kernel device:blk_file { ioctl read write create getattr setattr unlink };
 allow kernel device:dir {rw_file_perms rw_dir_perms write create};
-allow kernel device:chr_file { setattr create };
+allow kernel device:chr_file { getattr setattr create };
diff --git a/common/sepolicy/sdcardd.te b/common/sepolicy/sdcardd.te
index 5f0a4b1..88c5b2e 100644
--- a/common/sepolicy/sdcardd.te
+++ b/common/sepolicy/sdcardd.te
@@ -1,2 +1,8 @@
 allow sdcardd mnt_media_rw_file:dir create_dir_perms;
 allow sdcardd mnt_media_rw_file:file create_file_perms;
+
+allow sdcardd vold:unix_stream_socket { read write };
+
+# for exfat
+allow sdcardd unlabeled:dir { open read write getattr search };
+allow sdcardd unlabeled:file { open read write getattr };
diff --git a/common/sepolicy/sgdisk.te b/common/sepolicy/sgdisk.te
index 2bca927..05ab6b4 100644
--- a/common/sepolicy/sgdisk.te
+++ b/common/sepolicy/sgdisk.te
@@ -1,3 +1,4 @@
 allow sgdisk kernel:system module_request;
 allow sgdisk vold_block_device:blk_file { create getattr read write open ioctl };
+allow sgdisk vold:unix_stream_socket { read write };
diff --git a/common/sepolicy/system_server.te b/common/sepolicy/system_server.te
index cbdc1d3..2baf4bc 100644
--- a/common/sepolicy/system_server.te
+++ b/common/sepolicy/system_server.te
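Review bot: The `# for exfat` rules in sdcardd.te grant read/write on `unlabeled:dir` and `unlabeled:file`, but `unlabeled` is the fallback for any object whose context is missing or invalid, not an exfat-specific type. The second vold.te hunk has the same problem with `allow vold unlabeled:filesystem { mount unmount };`, which its own comment calls temporary. Labelling the filesystem at mount time, with a `genfscon exfat / u:object_r:<fs_type>:s0` entry or a `context=` mount option (`<fs_type>` is a placeholder), would let both rules name that type instead. If the temporary rules stay for now, a comment such as `# TODO(PD#<tracking-id>): replace unlabeled with a dedicated exfat type` would record the intent.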
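Review bot: `allow sgdisk vold:unix_stream_socket { read write };` grants read/write on a vold socket without `connectto`, which usually means the helper inherited an open descriptor from its parent rather than opening a connection itself; the same rule is added in blkid_untrusted.te, fsck_untrusted.te and sdcardd.te. If that is what happens here, marking the socket close-on-exec in the daemon, or adding a `dontaudit` for these domains, silences the denial without handing the helpers (two of which process untrusted media) a channel to vold. If the helpers really do use the socket, a one-line comment on each rule saying why would help the next reviewer.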
@@ -27,3 +27,6 @@ allow system_server { system_app platform_app untrusted_app priv_app }:file { wr
 allow system_server uhid_device:chr_file {write open ioctl};
 allow system_server dvb_device:chr_file rw_file_perms;
 allow system_server uhid_device:chr_file { write open ioctl };
+
+allow system_server socket_device:sock_file { read write open };
+
diff --git a/common/sepolicy/vold.te b/common/sepolicy/vold.te
index 9f260ca..b260868 100644
--- a/common/sepolicy/vold.te
+++ b/common/sepolicy/vold.te
@@ -15,6 +15,7 @@ domain_auto_trans(vold, vold_ext_exec, vold_ext)
 allow vold vold_ext_exec:file { execute read open execute_no_trans };
 allow vold kernel:system module_request;
 allow vold mnt_media_rw_stub_file:dir { r_dir_perms mounton };
+allow vold sda_block_device:blk_file rw_file_perms;
 #for dig
 allow vold cache_file:file create_file_perms;
@@ -36,3 +37,6 @@ allow vold apk_data_file:dir { getattr open read };
 #for hw keymaster
 allow vold drm_device:chr_file {open read write ioctl};
+
+#for exfat, temporary way
+allow vold unlabeled:filesystem { mount unmount }; |
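Review bot: `allow system_server socket_device:sock_file { read write open };` is written against the generic `socket_device` type, so it applies to every socket node carrying that label and not only to the one this change is for. The commit does not show which socket is meant; if it is the one droidvold creates, give that socket its own type in file_contexts and write the rule against that type. A comment above the rule naming the socket and its purpose would also help, since nothing in the hunk says why system_server needs it. The blank `+` lines before and after the rule can be dropped.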