Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
sepolicy
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CodeLinaro
public-release-test
platform
system
sepolicy
Commits
017c1ac1
Commit
017c1ac1
authored
6 years ago
by
Treehugger Robot
Committed by
Gerrit Code Review
6 years ago
Browse files
Options
Downloads
Plain Diff
Merge "SELinux policy for new managed system update APIs"
parents
d1b18a79
bffe163b
Branches
Branches containing commit
No related tags found
No related merge requests found
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
private/system_server.te
+6
-0
6 additions, 0 deletions
private/system_server.te
public/update_engine.te
+3
-0
3 additions, 0 deletions
public/update_engine.te
with
9 additions
and
0 deletions
private/system_server.te
+
6
−
0
View file @
017c1ac1
...
...
@@ -190,6 +190,7 @@ binder_call(system_server, incidentd)
binder_call(system_server, netd)
binder_call(system_server, statsd)
binder_call(system_server, storaged)
binder_call(system_server, update_engine)
binder_call(system_server, vold)
binder_call(system_server, wificond)
binder_call(system_server, wpantund)
...
...
@@ -344,6 +345,10 @@ allow system_server audio_device:chr_file rw_file_perms;
allow system_server tun_device:chr_file rw_file_perms;
allowxperm system_server tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
# Manage data/ota_package
allow system_server ota_package_file:dir rw_dir_perms;
allow system_server ota_package_file:file create_file_perms;
# Manage system data files.
allow system_server system_data_file:dir create_dir_perms;
allow system_server system_data_file:notdevfile_class_set create_file_perms;
...
...
@@ -680,6 +685,7 @@ allow system_server stats_service:service_manager find;
allow system_server thermal_service:service_manager find;
allow system_server storaged_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
allow system_server vold_service:service_manager find;
allow system_server wificond_service:service_manager find;
userdebug_or_eng(`
...
...
This diff is collapsed.
Click to expand it.
public/update_engine.te
+
3
−
0
View file @
017c1ac1
...
...
@@ -39,6 +39,9 @@ add_service(update_engine, update_engine_service)
# Allow update_engine to call the callback function provided by priv_app.
binder_call(update_engine, priv_app)
# Allow update_engine to call the callback function provided by system_server.
binder_call(update_engine, system_server)
# Read OTA zip file at /data/ota_package/.
allow update_engine ota_package_file:file r_file_perms;
allow update_engine ota_package_file:dir r_dir_perms;
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment