diff options
| author | Kenny Root <kroot@google.com> | 2020-06-09 04:47:31 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-09 04:47:31 +0000 |
| commit | d8d1ccb35bb28e26c165930cf375c977496c1c4d (patch) | |
| tree | f3a84df45a328a7a65535529a0236a50184dad96 | |
| parent | 8398c8d712f9f49444d7e8e9a9f2f6f0bbe71484 (diff) | |
| parent | 15c86456570106cb4c87b1a775d1aa8d96c6419f (diff) | |
| download | coral-sepolicy-d8d1ccb35bb28e26c165930cf375c977496c1c4d.tar.gz | |
Merge "Resume-on-Reboot: Citadel implementation" into rvc-dev am: 15c8645657
Original change: https://googleplex-android-review.googlesource.com/c/device/google/coral-sepolicy/+/11696685
Change-Id: If3d07542e58d19c47301dee8e9d6b731df152bd0
| -rw-r--r-- | vendor/google/file_contexts | 3 | ||||
| -rw-r--r-- | vendor/google/hal_rebootescrow_citadel.te | 17 |
2 files changed, 19 insertions, 1 deletions
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts index 844e1fa..ba72269 100644 --- a/vendor/google/file_contexts +++ b/vendor/google/file_contexts @@ -3,7 +3,6 @@ /dev/ab-dram u:object_r:airbrush_device:s0 /dev/abc-pcie-dma u:object_r:airbrush_device:s0 /dev/abc-pcie-tpu_0 u:object_r:abc_tpu_device:s0 -/dev/access-kregistry u:object_r:rebootescrow_device:s0 /dev/access-metadata u:object_r:ramoops_device:s0 /dev/access-ramoops u:object_r:ramoops_device:s0 /dev/block/zram0 u:object_r:swap_block_device:s0 @@ -36,6 +35,7 @@ /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.citadel u:object_r:hal_keymaster_citadel_exec:s0 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha u:object_r:hal_neuralnetworks_darwinn_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel u:object_r:hal_rebootescrow_citadel_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.0-service\.st u:object_r:hal_secure_element_default_exec:s0 /vendor/bin/hw/android\.hardware\.usb@1\.2-service\.coral u:object_r:hal_usb_impl_exec:s0 /vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0 @@ -117,6 +117,7 @@ /data/vendor/hal_neuralnetworks_darwinn/hal_camera(/.*)? u:object_r:hal_neuralnetworks_darwinn_hal_camera_data_file:s0 /data/vendor/camera_calibration(/.*)? u:object_r:camera_calibration_vendor_data_file:s0 /data/vendor/face(/.*)? u:object_r:face_vendor_data_file:s0 +/data/vendor/rebootescrow(/.*)? u:object_r:hal_rebootescrow_citadel_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 # dev socket node diff --git a/vendor/google/hal_rebootescrow_citadel.te b/vendor/google/hal_rebootescrow_citadel.te new file mode 100644 index 0000000..4ca8a1e --- /dev/null +++ b/vendor/google/hal_rebootescrow_citadel.te @@ -0,0 +1,17 @@ +type hal_rebootescrow_citadel, domain; +type hal_rebootescrow_citadel_exec, exec_type, vendor_file_type, file_type; +type hal_rebootescrow_citadel_data_file, file_type, data_file_type; + +hal_server_domain(hal_rebootescrow_citadel, hal_rebootescrow) + +vndbinder_use(hal_rebootescrow_citadel) +binder_call(hal_rebootescrow_citadel, citadeld) +allow hal_rebootescrow_citadel citadeld_service:service_manager find; + +hal_client_domain(hal_rebootescrow_citadel, hal_keymaster) + +init_daemon_domain(hal_rebootescrow_citadel) + +allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:dir create_dir_perms; +allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:file create_file_perms; + |