author | Xindong Xu <xindong.xu@amlogic.com> | 2018-01-19 07:06:21 (GMT) |
---|---|---|
committer | Xindong Xu <xindong.xu@amlogic.com> | 2018-01-19 08:15:56 (GMT) |
commit | 4f7200e306077cef48fb0887841f18dd998932c9 (patch) | |
tree | 358189b8c79d9cd2fba45f27b45cb60b13f3ce97 | |
parent | 3756678643de5c43ae85acb5792da0d5bbd20f1c (diff) | |
download | common-4f7200e306077cef48fb0887841f18dd998932c9.zip common-4f7200e306077cef48fb0887841f18dd998932c9.tar.gz common-4f7200e306077cef48fb0887841f18dd998932c9.tar.bz2 |
sepolicy: sync to 8.1 ef4dcd7f07 [1/6]
PD# 158649
sync to 8.1 ef4dcd7f07
Change-Id: Idc67bc95443185f38a3d536552507771006a6b2f
-rw-r--r-- | sepolicy/droidvold.te | 5 | ||||
-rw-r--r-- | sepolicy/platform_app.te | 5 | ||||
-rw-r--r-- | sepolicy/untrusted_app.te | 5 | ||||
-rw-r--r-- | sepolicy/untrusted_app_25.te | 3 |
4 files changed, 15 insertions, 3 deletions
diff --git a/sepolicy/droidvold.te b/sepolicy/droidvold.te index 4db4a47..6819af7 100644 --- a/sepolicy/droidvold.te +++ b/sepolicy/droidvold.te @@ -94,4 +94,7 @@ domain_auto_trans(droidvold, ntfs_3g_exec, ntfs_3g); allow droidvold loop_device:blk_file { open read write ioctl }; allow droidvold fuseblk:dir { search }; -allow droidvold fuseblk:file { open read write };
\ No newline at end of file +allow droidvold fuseblk:file { open read write }; + +allow droidvold sdcardfs:filesystem { mount unmount remount }; +allow droidvold storage_file:dir { write add_name create setattr mounton search getattr }; diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te index 487bb5c..135b8c1 100644 --- a/sepolicy/platform_app.te +++ b/sepolicy/platform_app.te @@ -39,4 +39,7 @@ allow platform_app system_control:binder { call }; allow platform_app droidmount_service:service_manager { find }; allow platform_app subtitle_service:service_manager { find }; allow platform_app iso9660:dir { search open read getattr }; -allow platform_app iso9660:file { open read getattr };
\ No newline at end of file +allow platform_app iso9660:file { open read getattr }; + +allow platform_app droidvold_hwservice:hwservice_manager { find }; +allow platform_app droidvold:binder { call transfer }; diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te index 091d6c2..bd36052 100644 --- a/sepolicy/untrusted_app.te +++ b/sepolicy/untrusted_app.te @@ -1 +1,4 @@ -allow untrusted_app system_control:binder call; +allow untrusted_app system_control:binder { call }; + +allow untrusted_app fuseblk:dir { search }; +allow untrusted_app fuseblk:file { read open getattr }; diff --git a/sepolicy/untrusted_app_25.te b/sepolicy/untrusted_app_25.te index 998b431..4365f69 100644 --- a/sepolicy/untrusted_app_25.te +++ b/sepolicy/untrusted_app_25.te @@ -1 +1,4 @@ allow untrusted_app_25 sysfs:file { open read }; + +allow untrusted_app_25 fuseblk:dir { search }; +allow untrusted_app_25 fuseblk:file { read open getattr }; |