Commit 017c1ac1 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review

Merge "SELinux policy for new managed system update APIs"

parents d1b18a79 bffe163b
......@@ -190,6 +190,7 @@ binder_call(system_server, incidentd)
binder_call(system_server, netd)
binder_call(system_server, statsd)
binder_call(system_server, storaged)
binder_call(system_server, update_engine)
binder_call(system_server, vold)
binder_call(system_server, wificond)
binder_call(system_server, wpantund)
......@@ -344,6 +345,10 @@ allow system_server audio_device:chr_file rw_file_perms;
allow system_server tun_device:chr_file rw_file_perms;
allowxperm system_server tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
# Manage data/ota_package
allow system_server ota_package_file:dir rw_dir_perms;
allow system_server ota_package_file:file create_file_perms;
# Manage system data files.
allow system_server system_data_file:dir create_dir_perms;
allow system_server system_data_file:notdevfile_class_set create_file_perms;
......@@ -680,6 +685,7 @@ allow system_server stats_service:service_manager find;
allow system_server thermal_service:service_manager find;
allow system_server storaged_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
allow system_server vold_service:service_manager find;
allow system_server wificond_service:service_manager find;
userdebug_or_eng(`
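Review bot: The `ota_package_file` grants to system_server in the second hunk are documented only as `# Manage data/ota_package`, which does not say why system_server needs `create_file_perms` (create, rename, setattr, unlink, read/write) on that type. The +/- markers are lost on this page, so treating these rules as new is inferred from the `-344,6 +345,10` counts. update_engine reads the same type (`allow update_engine ota_package_file:file r_file_perms;` in the other file), so anything written here presumably reaches update_engine as payload input and relies on its own verification. I would record that in the comment, e.g. `# Stage OTA packages for the managed system update API; update_engine only reads them and must verify the payload before applying.` If system_server only needs to copy a file in and delete it afterwards, it is also worth confirming whether `rename` and `setattr` are required, or whether a narrower permission set would do.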
......
......@@ -39,6 +39,9 @@ add_service(update_engine, update_engine_service)
# Allow update_engine to call the callback function provided by priv_app.
binder_call(update_engine, priv_app)
# Allow update_engine to call the callback function provided by system_server.
binder_call(update_engine, system_server)
# Read OTA zip file at /data/ota_package/.
allow update_engine ota_package_file:file r_file_perms;
allow update_engine ota_package_file:dir r_dir_perms;
......