author | Ted Bauer <tedbauer@google.com> | 2024-04-10 21:16:43 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2024-04-10 21:16:43 +0000 |
commit | ba5998d7a25dc168b5e58169c0c6702c35e8f72b (patch) | |
tree | fcd09baecfb43e66807dd0dee9a73181e2e84b2e | |
parent | d51e54db82a002b6fad03d4023ddced1f06de2a9 (diff) | |
parent | 86405531d5be9889f2113343c20b7be70c458871 (diff) | |
download | sepolicy-ba5998d7a25dc168b5e58169c0c6702c35e8f72b.tar.gz |
Merge "Let system server set permissions on marker file" into main
-rw-r--r-- | contexts/plat_file_contexts_test | 2 | ||||
-rw-r--r-- | private/domain.te | 1 | ||||
-rw-r--r-- | private/file.te | 2 | ||||
-rw-r--r-- | private/file_contexts | 1 | ||||
-rw-r--r-- | private/system_server.te | 3 |
5 files changed, 9 insertions, 0 deletions
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test index 8af0fda51..f403f8b41 100644 --- a/contexts/plat_file_contexts_test +++ b/contexts/plat_file_contexts_test @@ -1234,6 +1234,8 @@ /metadata/aconfig/flags/test aconfig_storage_flags_metadata_file /metadata/aconfig/boot aconfig_storage_metadata_file /metadata/aconfig/boot/test aconfig_storage_metadata_file +/metadata/aconfig_test_missions aconfig_test_mission_files +/metadata/aconfig_test_missions/test aconfig_test_mission_files /metadata/apex apex_metadata_file /metadata/apex/test apex_metadata_file /metadata/vold vold_metadata_file diff --git a/private/domain.te b/private/domain.te index bac2a7e28..da52d5fbc 100644 --- a/private/domain.te +++ b/private/domain.te @@ -562,6 +562,7 @@ allow { # that records where flag storage files are, so also needs to be readable by everbody. r_dir_file({ coredomain appdomain }, aconfig_storage_metadata_file); r_dir_file({ coredomain appdomain }, system_aconfig_storage_file); +r_dir_file({ coredomain appdomain }, aconfig_test_mission_files); # processes needs to access storage file stored at /metadata/aconfig/boot, require search # permission on /metadata dir diff --git a/private/file.te b/private/file.te index 5295f6907..b96e18bca 100644 --- a/private/file.te +++ b/private/file.te @@ -156,6 +156,8 @@ type system_aconfig_storage_file, system_file_type, file_type; # Type for /vendor/etc/aconfig type vendor_aconfig_storage_file, vendor_file_type, file_type; +type aconfig_test_mission_files, file_type; + # /data/misc/connectivityblobdb type connectivityblob_data_file, file_type, data_file_type, core_data_file_type; diff --git a/private/file_contexts b/private/file_contexts index 567f30d51..b2091093e 100644 --- a/private/file_contexts +++ b/private/file_contexts 
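Review bot: The added `r_dir_file({ coredomain appdomain }, aconfig_test_mission_files);` in private/domain.te gives every core domain and every app domain, untrusted apps included, read access to everything labelled for /metadata/aconfig_test_missions, and it has no comment justifying that breadth. The private/system_server.te hunk of the same commit lets system_server create and write files under this label, so whatever it stores there becomes readable by all apps. Either narrow the source set to the domains that actually read the marker, or record the reason in place, e.g. `# Test mission marker files carry no sensitive data and are read by <READERS - fill in>.` The comment block above this rule begins outside the hunk, so its full rationale is not visible here.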
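Review bot: `type aconfig_test_mission_files, file_type;` in private/file.te is declared without a comment, while the neighbouring declarations each name the path they label (`# Type for /vendor/etc/aconfig`, `# /data/misc/connectivityblobdb`). Add `# Type for /metadata/aconfig_test_missions` on the line above it. That lets someone auditing /metadata labels map the type back to its path without opening file_contexts.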
@@ -872,6 +872,7 @@ /metadata/repair-mode(/.*)? u:object_r:repair_mode_metadata_file:s0 /metadata/aconfig(/.*)? u:object_r:aconfig_storage_metadata_file:s0 /metadata/aconfig/flags(/.*)? u:object_r:aconfig_storage_flags_metadata_file:s0 +/metadata/aconfig_test_missions(/.*)? u:object_r:aconfig_test_mission_files:s0 ############################# # asec containers diff --git a/private/system_server.te b/private/system_server.te index f6ae0923e..8ed485a5e 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -1493,6 +1493,9 @@ allow system_server aconfig_storage_flags_metadata_file:dir rw_dir_perms; allow system_server aconfig_storage_flags_metadata_file:file create_file_perms; allow system_server aconfig_storage_metadata_file:dir search; +allow system_server aconfig_test_mission_files:dir create_dir_perms; +allow system_server aconfig_test_mission_files:file create_file_perms; + allow system_server repair_mode_metadata_file:dir rw_dir_perms; allow system_server repair_mode_metadata_file:file create_file_perms; |
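Review bot: The new directory rule in private/system_server.te grants `create_dir_perms`, which is wider than the `rw_dir_perms` used on the aconfig flags and repair-mode metadata directories in the same hunk, because it also allows creating, renaming and removing directories under the label. The commit title mentions only setting permissions on a marker file, which `create_file_perms` on the file class already covers through `setattr`. If /metadata/aconfig_test_missions is created elsewhere (not visible in this commit) and system_server never needs to chmod the directory itself, `allow system_server aconfig_test_mission_files:dir rw_dir_perms;` would be the tighter grant. A one-line comment above the two rules saying what the marker file is for would also help, since the same label is readable by all app domains via private/domain.te.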