author | Xindong Xu <xindong.xu@amlogic.com> | 2020-11-12 01:53:46 (GMT) |
---|---|---|
committer | Xindong Xu <xindong.xu@amlogic.com> | 2020-11-16 04:20:12 (GMT) |
commit | 3c631cb60b13b4a1f5d026f56db2aea0cd68e2be (patch) | |
tree | d5e2552d2336151769602ab87fcf24da51a577e2 | |
parent | ac7bb205910b0b327abeee4e48fcaaa2a2ae3a59 (diff) | |
sepolicy: fix update_engine selinux problem [1/5]
PD#SWPL-36719
Problem:
there are SELinux problems when running update_engine_client
Solution:
fix update_engine selinux problem
Verify:
newton
Change-Id: Iee1f094a192b31fadd5ff3745ec49d447f3dd19c
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>
-rw-r--r-- | sepolicy/file_contexts | 4 | ||||
-rw-r--r-- | sepolicy/hal_bootctl_default.te | 2 | ||||
-rw-r--r-- | sepolicy/update_engine.te | 2 |
3 files changed, 8 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 2b31c18..a8eeaec 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -35,6 +35,7 @@
 /dev/block/env u:object_r:env_device:s0
 /dev/block/logo u:object_r:logo_device:s0
 /dev/block/data u:object_r:userdata_block_device:s0
+/dev/block/userdata u:object_r:userdata_block_device:s0
 /dev/block/cache u:object_r:cache_block_device:s0
 /dev/block/metadata u:object_r:metadata_block_device:s0
 /dev/block/metadata_a u:object_r:metadata_block_device:s0
@@ -49,6 +50,9 @@
 /dev/block/boot_a u:object_r:boot_block_device:s0
 /dev/block/boot_b u:object_r:boot_block_device:s0
 /dev/block/boot u:object_r:boot_block_device:s0
+/dev/block/vendor_boot_a u:object_r:vendor_block_device:s0
+/dev/block/vendor_boot_b u:object_r:vendor_block_device:s0
+/dev/block/vendor_boot u:object_r:vendor_block_device:s0
 /dev/block/system_a u:object_r:system_block_fsck_device:s0
 /dev/block/system_b u:object_r:system_block_fsck_device:s0
 /dev/block/system u:object_r:system_block_fsck_device:s0
diff --git a/sepolicy/hal_bootctl_default.te b/sepolicy/hal_bootctl_default.te
index df017f9..a4f4a59 100644
--- a/sepolicy/hal_bootctl_default.te
+++ b/sepolicy/hal_bootctl_default.te
@@ -8,5 +8,7 @@
 allow hal_bootctl_default sysfs_dt_firmware_android:file { getattr open read };
 allow hal_bootctl_default proc_cmdline:file read;
+allow hal_bootctl_default boot_block_device:blk_file r_file_perms;
+
 allow hal_bootctl_default sysfs:dir { open read };
 #allow hal_bootctl_default sysfs:file { getattr open read };
diff --git a/sepolicy/update_engine.te b/sepolicy/update_engine.te
index 1691dfb..570a483 100644
--- a/sepolicy/update_engine.te
+++ b/sepolicy/update_engine.te
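Review bot: The three `/dev/block/vendor_boot*` entries added in the second file_contexts hunk reuse `vendor_block_device`, so every domain that already holds access to that type gets the same access to the vendor_boot partitions. vendor_boot is part of the boot chain like the `boot_block_device` entries directly above it, so it is worth confirming that no domain with write access to `vendor_block_device` is one that should be kept away from boot images; those rules are not visible in this diff. If the reuse is deliberate, I would record the reason in a comment above the entries, for example `# vendor_boot shares the vendor label because <reason>`.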
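Review bot: The new `allow hal_bootctl_default boot_block_device:blk_file r_file_perms;` carries no comment saying why the boot-control HAL has to read the raw boot partitions, and the commit message does not quote the denial it fixes. Without that, a later reader cannot tell whether the full `r_file_perms` set is required or whether a narrower grant such as `getattr` would satisfy the HAL. I would add a comment above the rule, for example `# bootctl reads <what> from the boot partition; denial logged in PD#SWPL-36719`, with the real avc line pasted into the commit message.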
@@ -9,6 +9,8 @@
 allow update_engine dtbo_block_device:blk_file rw_file_perms;
 allow update_engine system_app:binder { call };
 allow update_engine metadata_file:dir search;
+allow update_engine system_data_file:file r_file_perms;
+
 allow update_engine system_file:file execute_no_trans;
 allow update_engine labeledfs:filesystem mount;
 allow update_engine otadexopt_service:service_manager find; |
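Review bot: `allow update_engine system_data_file:file r_file_perms;` lets update_engine read every file that carries the default /data label, which is far wider than the single payload file update_engine_client presumably points it at. AOSP already provides the `ota_package_file` type for update payloads, and update_engine is normally granted read on it, so labelling the payload directory in file_contexts (or passing the payload by file descriptor) would keep the update daemon away from unrelated data. If the payload location cannot move, a dedicated type for that directory with `r_file_perms` on it is still narrower than this rule. The rest of update_engine.te lies outside the hunk, so a narrower grant may already exist there.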