diff options
| author | Kenny Root <kroot@google.com> | 2020-06-09 04:47:30 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-09 04:47:30 +0000 |
| commit | b87db289b9987b31bf474a54b422f4954feedba1 (patch) | |
| tree | ee77148d29fdcb77ed6ef78df0781a8e9e70626f | |
| parent | 52257953bf8d437a4023b1dd49ade7fe2234c4c4 (diff) | |
| parent | a4e05ec0e7232418e67bbafc6a8deae1a9451aaf (diff) | |
| download | crosshatch-sepolicy-b87db289b9987b31bf474a54b422f4954feedba1.tar.gz | |
Merge "Resume-on-Reboot: Citadel implementation" into rvc-dev am: a4e05ec0e7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/crosshatch-sepolicy/+/11682999
Change-Id: I48e18e30856fba74b9fbf2be5a8196053f16c95f
| -rw-r--r-- | vendor/google/file_contexts | 3 | ||||
| -rw-r--r-- | vendor/google/hal_rebootescrow_citadel.te | 16 |
2 files changed, 18 insertions, 1 deletions
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts index 38a2a9d..e566c62 100644 --- a/vendor/google/file_contexts +++ b/vendor/google/file_contexts @@ -1,6 +1,5 @@ # dev nodes /dev/citadel0 u:object_r:citadel_device:s0 -/dev/access-kregistry u:object_r:rebootescrow_device:s0 /dev/access-metadata u:object_r:ramoops_device:s0 /dev/access-ramoops u:object_r:ramoops_device:s0 /dev/maxfg_history u:object_r:maxfg_device:s0 @@ -9,6 +8,7 @@ /vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0 /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.citadel u:object_r:hal_keymaster_citadel_exec:s0 +/vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel u:object_r:hal_rebootescrow_citadel_exec:s0 /vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0 /vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0 /vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0 @@ -23,6 +23,7 @@ /vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor u:object_r:hal_wifi_ext_exec:s0 /vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy u:object_r:hal_wifi_ext_exec:s0 +/data/vendor/rebootescrow(/.*)? u:object_r:hal_rebootescrow_citadel_data_file:s0 /data/vendor_ce/[0-9]+/ramoops(/.*)? u:object_r:ramoops_vendor_data_file:s0 /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 diff --git a/vendor/google/hal_rebootescrow_citadel.te b/vendor/google/hal_rebootescrow_citadel.te new file mode 100644 index 0000000..401a985 --- /dev/null +++ b/vendor/google/hal_rebootescrow_citadel.te @@ -0,0 +1,16 @@ +type hal_rebootescrow_citadel, domain; +type hal_rebootescrow_citadel_exec, exec_type, vendor_file_type, file_type; +type hal_rebootescrow_citadel_data_file, file_type, data_file_type; + +hal_server_domain(hal_rebootescrow_citadel, hal_rebootescrow) + +vndbinder_use(hal_rebootescrow_citadel) +binder_call(hal_rebootescrow_citadel, citadeld) +allow hal_rebootescrow_citadel citadeld_service:service_manager find; + +hal_client_domain(hal_rebootescrow_citadel, hal_keymaster) + +init_daemon_domain(hal_rebootescrow_citadel) + +allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:dir create_dir_perms; +allow hal_rebootescrow_citadel hal_rebootescrow_citadel_data_file:file create_file_perms; |