author | Bart Van Assche <bvanassche@google.com> | 2021-08-06 15:40:33 -0700 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-08-19 02:35:29 +0000 |
commit | 5a3d421d8a0ac95e1669faae77bfde4b32478957 (patch) | |
tree | 2ad63a33d3ea77f22769abe00e7672e861d55466 | |
parent | 5c72f84ae4999a702b1bf21e59cc1362414afbe4 (diff) | |
Add the 'bdev_type' attribute to all block device types
The following patch introduces code that iterates over all block
devices:
https://android-review.googlesource.com/c/platform/system/core/+/1783847/9
The following patch grants 'init' and 'apexd' permission to iterate over
all block devices:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/1783947
The above SELinux policy change requires adding the 'bdev_type'
attribute to all block devices. Hence this patch.
Bug: 194450129
Bug: 196982345
Test: Built Android images that include this change and verified that neither init nor apexd triggers any SELinux access denied errors.
Change-Id: I6ce1127f199c5b33812f15fe280d86594d7d7ebf
Signed-off-by: Bart Van Assche <bvanassche@google.com>
(cherry picked from commit 37b574130114211a3fcf4d91e79dd0c19e772224)
-rw-r--r-- | whitechapel/vendor/google/device.te | 20 | ||||
-rw-r--r-- | whitechapel/vendor/google/file.te | 2 |
2 files changed, 11 insertions, 11 deletions
diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index bd62647..bc3c947 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -1,12 +1,12 @@
 # Block Devices
-type efs_block_device, dev_type;
-type fat_block_device, dev_type;
-type modem_block_device, dev_type;
-type modem_userdata_block_device, dev_type;
-type persist_block_device, dev_type;
-type vendor_block_device, dev_type;
-type sda_block_device, dev_type;
-type mfg_data_block_device, dev_type;
+type efs_block_device, dev_type, bdev_type;
+type fat_block_device, dev_type, bdev_type;
+type modem_block_device, dev_type, bdev_type;
+type modem_userdata_block_device, dev_type, bdev_type;
+type persist_block_device, dev_type, bdev_type;
+type vendor_block_device, dev_type, bdev_type;
+type sda_block_device, dev_type, bdev_type;
+type mfg_data_block_device, dev_type, bdev_type;
 # Exynos devices
 type vendor_m2m1shot_device, dev_type;
@@ -14,8 +14,8 @@ type vendor_gnss_device, dev_type;
 type vendor_nanohub_device, dev_type;
 type vendor_secmem_device, dev_type;
 type vendor_toe_device, dev_type;
-type custom_ab_block_device, dev_type;
-type devinfo_block_device, dev_type;
+type custom_ab_block_device, dev_type, bdev_type;
+type devinfo_block_device, dev_type, bdev_type;
 # usbpd
 type logbuffer_device, dev_type;
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index 85c8dcc..b8c22e1 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -78,7 +78,7 @@ type updated_wifi_firmware_data_file, file_type, data_file_type;
 type mediadrm_vendor_data_file, file_type, data_file_type;
 # Storage Health HAL
-type sysfs_scsi_devices_0000, sysfs_type, fs_type;
+type sysfs_scsi_devices_0000, sysfs_type, fs_type, sysfs_block_type;
 type debugfs_f2fs, debugfs_type, fs_type;
 type proc_f2fs, proc_type, fs_type; |
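Review bot: The eight `type ..., dev_type, bdev_type;` declarations in the first device.te hunk, and the two in the `@@ -14,8 +14,8 @@` hunk, carry no comment saying what `bdev_type` membership implies, although several of these partitions (efs, persist, modem, mfg_data, devinfo) are sensitive. Once a type is in the attribute, every allow rule written against `bdev_type` applies to it, so the effective exposure is set by the platform change cited in the commit message, which is not visible here; it is worth confirming that it grants only what enumeration needs and not read or write on the device nodes. I would add above the block `# bdev_type: required on every block device type; rules on the attribute (init/apexd enumeration) apply to all of these`. Block device types declared in other files of this policy, if any, would need the same attribute and are outside this diff.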
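Review bot: `sysfs_block_type` on `sysfs_scsi_devices_0000` is not explained anywhere: the commit message covers only `bdev_type`, and the changed line under `# Storage Health HAL` in file.te has no comment. The attribute opens this sysfs label to every domain that holds a rule on `sysfs_block_type`, and the paths mapped to the label (presumably in genfs_contexts, not shown) may cover more than the block-device entries. A one-line comment such as `# sysfs_block_type: init/apexd walk the block entries under this label when enumerating block devices` would record the intent, worded to match what the platform rule actually grants.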