authorSteven Moreland <smoreland@google.com>2018-01-09 16:16:16 -0800
committerGreg Hartman <ghartman@google.com>2018-01-11 18:10:20 -0800
commit83bc109a3cacef90cefdfecf191c8cf01ecfa85a (patch)
treef57a1f2fcdbb52f8fb5f8f652293ca7a0d34b6ba
parentaa1fa647a44d7ec1ba7d7a478d0bdab2b51ef388 (diff)
downloadcuttlefish-83bc109a3cacef90cefdfecf191c8cf01ecfa85a.tar.gz
Move sensors_hal_socket to the sensor hal.
This was formerly attributed to system_server because the hal was there. It is now properly attributed to the hal server. If that hal is untrebilized, this sepolicy is still good and the attribute hal_sensors_server is applied to system_server. This also removes one of the Treble system/vendor neverallows that is tripped when PRODUCT_SEPOLICY_SPLIT is enabled. Bug: 71707530 Test: boot and check logs (/var/run currently doesn't exist, but the sensors hal is looking at it). Change-Id: I5123e8543a3277fd225a0203764cd6e03a73bea2 (cherry picked from commit 0738210f061bf30cc42261dd477e628b5cf7fb73)
-rw-r--r--shared/sepolicy/hal_sensors.te1
-rw-r--r--shared/sepolicy/system_server.te1
2 files changed, 1 insertions, 1 deletions
diff --git a/shared/sepolicy/hal_sensors.te b/shared/sepolicy/hal_sensors.te
new file mode 100644
index 000000000..27fc9c852
--- /dev/null
+++ b/shared/sepolicy/hal_sensors.te
@@ -0,0 +1 @@
+allow hal_sensors_server sensors_hal_socket:sock_file { create setattr };
\ No newline at end of file
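Review bot: The `create` permission on sensors_hal_socket moves to hal_sensors_server here, but the `type_transition` that gives the socket that label and the `w_dir_perms` on var_run_system_file stay scoped to system_server in system_server.te (context lines of the second hunk). When the HAL runs in its own domain, a socket it creates in that directory would presumably keep the directory's type, so this allow would not match, while system_server keeps directory write access it no longer needs. Consider moving both next to the new rule, `allow hal_sensors_server var_run_system_file:dir w_dir_perms;` and `type_transition hal_sensors_server var_run_system_file:sock_file sensors_hal_socket;`, unless policy not shown on this page already covers them. The commit's test note says /var/run does not exist yet, so this path appears unexercised; a one-line comment on the rule saying what the socket is for would also help.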
diff --git a/shared/sepolicy/system_server.te b/shared/sepolicy/system_server.te
index 6fc111a21..ff7e96234 100644
--- a/shared/sepolicy/system_server.te
+++ b/shared/sepolicy/system_server.te
@@ -2,4 +2,3 @@
# Create /var/run/system directory and sensors_hal_socket socket in the directory.
allow system_server var_run_system_file:dir w_dir_perms;
type_transition system_server var_run_system_file:sock_file sensors_hal_socket;
-allow system_server sensors_hal_socket:sock_file { create setattr };