author | Robin Lee <rgl@google.com> | 2020-11-03 17:05:15 (GMT) |
---|---|---|
committer | Xindong Xu <xindong.xu@amlogic.com> | 2020-11-05 06:02:32 (GMT) |
commit | b4f7e6b6001889b75c3c1f21cabe354c3fab9944 (patch) | |
tree | ccfc24f82093df401bb60a36a508e828bd26ecb5 | |
parent | 8deb58bce039f44a98d924aa433d0e9bf5660107 (diff) | |
download | common-b4f7e6b6001889b75c3c1f21cabe354c3fab9944.zip common-b4f7e6b6001889b75c3c1f21cabe354c3fab9944.tar.gz common-b4f7e6b6001889b75c3c1f21cabe354c3fab9944.tar.bz2 |
Apex: Allow apexd to open dm-* files
Usually these device nodes are accessible by apexd but the policy inside
device/amlogic/common/sepolicy/file_contexts changes them from dm_device
to super_block_device.
This may cause more problems later, since the system image expects
future sepolicy rules to be written against dm_device, but it solves the
immediate problem of APEX being broken.
Test: atest CtsRollbackManagerHostTestCases:
Test: atest CtsStagedInstallHostTestCases
Fix: 172327389
Fix: 172327770
Change-Id: I9f4274a199e8769ac97b19818bc3f71765c4fc1a
-rw-r--r-- | sepolicy/apexd.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sepolicy/apexd.te b/sepolicy/apexd.te new file mode 100644 index 0000000..04403ac --- a/dev/null +++ b/sepolicy/apexd.te @@ -0,0 +1,2 @@ +allow apexd super_block_device:chr_file rw_file_perms; +allow apexd super_block_device:blk_file rw_file_perms; |