author | Baocheng Sun <baocheng.sun@amlogic.com> | 2017-09-12 05:59:27 (GMT) |
---|---|---|
committer | Baocheng Sun <baocheng.sun@amlogic.com> | 2017-09-12 05:59:27 (GMT) |
commit | 07a41ec3f13be1e8e54f9eea7ba363de345c8123 (patch) | |
tree | 55ac2a3a951c102021437b2b981ada1363160230 | |
parent | 6892f4b149a1970ebbc8924b46eb8a4c82c22985 (diff) | |
vold: update sepolicy for adoptable storage [1/1]
PD#150747
update sgdisk, make_ext4fs, vold sepolicy
Change-Id: I81d1ca166eefd914f324aa55724c537dd9bbdad8
-rw-r--r-- | common/sepolicy/kernel.te | 4 | ||||
-rw-r--r-- | common/sepolicy/make_ext4fs.te | 7 | ||||
-rw-r--r-- | common/sepolicy/sgdisk.te | 2 | ||||
-rw-r--r-- | common/sepolicy/vold.te | 3 |
4 files changed, 12 insertions, 4 deletions
diff --git a/common/sepolicy/kernel.te b/common/sepolicy/kernel.te
index 3f1acf1..20c71ee 100644
--- a/common/sepolicy/kernel.te
+++ b/common/sepolicy/kernel.te
@@ -1,4 +1,4 @@
 allow kernel self:capability mknod;
-allow kernel device:blk_file { setattr create };
+allow kernel device:blk_file { ioctl read write create getattr setattr unlink };
 allow kernel device:dir {rw_file_perms rw_dir_perms write create};
-allow kernel device:chr_file { setattr create };
\ No newline at end of file
+allow kernel device:chr_file { setattr create };
diff --git a/common/sepolicy/make_ext4fs.te b/common/sepolicy/make_ext4fs.te
index f17adf1..2f73a93 100644
--- a/common/sepolicy/make_ext4fs.te
+++ b/common/sepolicy/make_ext4fs.te
@@ -3,6 +3,7 @@ type make_ext4fs_exec, exec_type, file_type;
 init_daemon_domain(make_ext4fs)
 allow make_ext4fs devpts:dir { search };
+allow make_ext4fs devpts:chr_file { read write getattr ioctl };
 allow make_ext4fs block_device:dir { search getattr };
@@ -10,5 +11,9 @@ allow make_ext4fs block_device:dir { search getattr };
 allow make_ext4fs vold:fd use;
 allow make_ext4fs vold:fifo_file { read write getattr };
+allow make_ext4fs dm_device:blk_file { ioctl open read write create getattr };
+
 allow make_ext4fs rootfs:lnk_file {getattr};
-allow make_ext4fs rootfs:file {getattr read open};
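Review bot: The widened rule `allow kernel device:blk_file { ioctl read write create getattr setattr unlink };` in kernel.te targets the generic `device` type, so it applies to every block node that has no more specific label, not only the adoptable-storage disks. The commit message names sgdisk, make_ext4fs and vold but gives no reason for the kernel domain to gain read, write and ioctl here. I would scope the rule to the type the denial actually named (the other files in this change use `vold_block_device` and `dm_device`) and put a comment above it such as `# adoptable storage (PD#150747): <avc denial that required this>`.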
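Review bot: `allow make_ext4fs devpts:chr_file { read write getattr ioctl };` in the first make_ext4fs.te hunk grants the formatter access to pseudo-terminals, which typically shows up only when the binary inherits a terminal from an interactive shell rather than being started by vold. If the denial was seen only during manual testing, `dontaudit make_ext4fs devpts:chr_file { read write getattr ioctl };` would silence the log without granting the access. If it is needed on production builds, a comment stating which caller hands over the pty would make the rule auditable.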
\ No newline at end of file
+allow make_ext4fs rootfs:file {getattr read open};
+
+allow make_ext4fs file_contexts_file:file {getattr read open};
diff --git a/common/sepolicy/sgdisk.te b/common/sepolicy/sgdisk.te
index 938442f..2bca927 100644
--- a/common/sepolicy/sgdisk.te
+++ b/common/sepolicy/sgdisk.te
@@ -1,3 +1,3 @@
 allow sgdisk kernel:system module_request;
-allow sgdisk vold_block_device:blk_file { read open getattr ioctl };
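Review bot: `create` on a `blk_file` class lets the domain make new device nodes of that type, which neither a formatter nor a partition editor would normally need. It appears in `allow make_ext4fs dm_device:blk_file { ioctl open read write create getattr };` in this hunk and again in the new `allow sgdisk vold_block_device:blk_file { create getattr read write open ioctl };` rule in sgdisk.te. Unless an avc denial showed `create` being requested, I would drop it from both, e.g. `allow make_ext4fs dm_device:blk_file { ioctl open read write getattr };`. vold already holds `create` and `unlink` on `vold_block_device` in vold.te, which suggests node creation is meant to stay in that domain.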
\ No newline at end of file
+allow sgdisk vold_block_device:blk_file { create getattr read write open ioctl };
diff --git a/common/sepolicy/vold.te b/common/sepolicy/vold.te
index e30c4f2..9f260ca 100644
--- a/common/sepolicy/vold.te
+++ b/common/sepolicy/vold.te
@@ -20,6 +20,7 @@ allow vold mnt_media_rw_stub_file:dir { r_dir_perms mounton };
 allow vold cache_file:file create_file_perms;
 allow vold cache_file:dir { create_file_perms add_name remove_name };
+allow vold vold_block_device:blk_file { create getattr read open unlink ioctl lock write };
 allow vold param_tv_file:dir { read open };
 allow vold storage_stub_file:dir { getattr read open search write add_name };
@@ -31,5 +32,7 @@ allow vold tee_data_file:dir { open read };
 allow vold vold_block_device:blk_file { create read open ioctl unlink };
+allow vold apk_data_file:dir { getattr open read };
+
 #for hw keymaster
 allow vold drm_device:chr_file {open read write ioctl}; |
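Review bot: The rule added in the first vold.te hunk, `allow vold vold_block_device:blk_file { create getattr read open unlink ioctl lock write };`, is a superset of the existing `allow vold vold_block_device:blk_file { create read open ioctl unlink };` that is still present as context in the second hunk. The file therefore carries two rules for the same source, target and class. I would extend the existing line in place to `{ create getattr read open unlink ioctl lock write }` and not add a second one, so a later audit of vold's raw-disk access has a single rule to read. Because this is where vold gains `write` on whole disks, a one-line comment naming the adoptable-storage operation that needs it would also help.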