diff options
author | Yi-Yo Chiang <yochiang@google.com> | 2021-03-25 22:16:57 +0800 |
---|---|---|
committer | Yi-yo Chiang <yochiang@google.com> | 2021-03-30 15:39:36 +0000 |
commit | 32932e7868b8fd0a04c3faf933e7d5b5d084ae91 (patch) | |
tree | c909253c08c4cd678e600e64303617de2b9bc8a3 | |
parent | 30e44b791ae4166acf28440dbd5a4e2bf858c7d8 (diff) | |
download | wembley-sepolicy-32932e7868b8fd0a04c3faf933e7d5b5d084ae91.tar.gz |
Add rules for calling ReadDefaultFstab()
Grant fstab access rights to these domains.
Bug: 181110285
Test: Presubmit boot health test
Change-Id: I6ea4a9e749eca774925e4f664a423d2d51ad0e55
Merged-In: I6ea4a9e749eca774925e4f664a423d2d51ad0e55
(cherry picked from commit dbc53ae057a8b2e15c5239f6f5acee0a64321f14)
-rw-r--r-- | non_plat/fuelgauged_nvram.te | 3 | ||||
-rw-r--r-- | non_plat/mtk_hal_camera.te | 3 | ||||
-rw-r--r-- | non_plat/nvram_daemon.te | 2 |
3 files changed, 8 insertions, 0 deletions
diff --git a/non_plat/fuelgauged_nvram.te b/non_plat/fuelgauged_nvram.te index 3b59440..1794aba 100644 --- a/non_plat/fuelgauged_nvram.te +++ b/non_plat/fuelgauged_nvram.te @@ -64,3 +64,6 @@ r_dir_file(fuelgauged_nvram, sysfs_batteryinfo) allow fuelgauged_nvram mnt_vendor_file:dir search; allow fuelgauged_nvram sysfs_boot_mode:file { open read }; + +# Allow ReadDefaultFstab(). +read_fstab(fuelgauged_nvram) diff --git a/non_plat/mtk_hal_camera.te b/non_plat/mtk_hal_camera.te index 4173b0a..3f98d04 100644 --- a/non_plat/mtk_hal_camera.te +++ b/non_plat/mtk_hal_camera.te @@ -378,3 +378,6 @@ allowxperm mtk_hal_camera mtk_hal_camera:unix_stream_socket ioctl IIOCNETAIF; allow mtk_hal_camera sysfs:file rw_file_perms; allow mtk_hal_camera system_server:binder call; allow mtk_hal_camera Vcodec_device:chr_file rw_file_perms; + +# Allow ReadDefaultFstab(). +read_fstab(mtk_hal_camera) diff --git a/non_plat/nvram_daemon.te b/non_plat/nvram_daemon.te index e8c108e..a7128c4 100644 --- a/non_plat/nvram_daemon.te +++ b/non_plat/nvram_daemon.te @@ -84,3 +84,5 @@ allow nvram_daemon self:capability { fowner chown fsetid }; allow nvram_daemon sysfs_boot_mode:file r_file_perms; +# Allow ReadDefaultFstab(). +read_fstab(nvram_daemon) |