Skip to content
Snippets Groups Projects
Commit 3a8c5dc0 authored by Todd Poynor's avatar Todd Poynor
Browse files

Allow oemfs search for system_server and bootanim 

Address denials in devices that use /oem

Change-Id: I80b76bb58bab9b6c54d6550eb801664d82a4d403
parent a7c04dcd
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
bootanim.te
+ 3
0
View file @ 3a8c5dc0
...@@ -8,3 +8,6 @@ binder_use(bootanim) ...@@ -8,3 +8,6 @@ binder_use(bootanim)
binder_call(bootanim, surfaceflinger) binder_call(bootanim, surfaceflinger)
allow bootanim gpu_device:chr_file rw_file_perms; allow bootanim gpu_device:chr_file rw_file_perms;
# /oem access
allow bootanim oemfs:dir search;
system_server.te
+ 3
0
View file @ 3a8c5dc0
...@@ -388,6 +388,9 @@ allow system_server block_device:dir search; ...@@ -388,6 +388,9 @@ allow system_server block_device:dir search;
# Clean up old cgroups # Clean up old cgroups
allow system_server cgroup:dir { remove_name rmdir }; allow system_server cgroup:dir { remove_name rmdir };
# /oem access
allow system_server oemfs:dir search;
### ###
### Neverallow rules ### Neverallow rules
### ###
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment