Commit 6107d75c authored by Fyodor Kupolov's avatar Fyodor Kupolov Committed by android-build-merger

SELinux policies for /data/preloads directory am: 49ac2a3d

am: 72f0fbb2

* commit '72f0fbb2':
  SELinux policies for /data/preloads directory

Change-Id: I0eb0aacd3bd5134077ef2bfbc9e5f418044043ab
parents ccf9131c 72f0fbb2
......@@ -107,6 +107,8 @@ type heapdump_data_file, file_type, data_file_type, mlstrustedobject;
type nativetest_data_file, file_type, data_file_type;
# /data/system_de/0/ringtones
type ringtone_file, file_type, data_file_type, mlstrustedobject;
# /data/preloads
type preloads_data_file, file_type, data_file_type;
# Mount locations managed by vold
type mnt_media_rw_file, file_type;
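Review bot: Nothing in this change pins down which domains may write `preloads_data_file`, even though the later hunks let platform_app and priv_app read it. Because the type carries `data_file_type`, every existing rule written against that attribute now covers it as well. If no app domain is meant to create content there, a neverallow would make that explicit, for example `neverallow appdomain preloads_data_file:file { create write append };`. The domain that populates the directory is not visible in this commit, so the exact exclusion set needs confirming. The comment `# /data/preloads` could also state what the directory holds and who owns its contents.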
......
......@@ -253,6 +253,7 @@
/data/mediadrm(/.*)? u:object_r:media_data_file:s0
/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0
/data/property(/.*)? u:object_r:property_data_file:s0
/data/preloads(/.*)? u:object_r:preloads_data_file:s0
# Misc data
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
......
......@@ -51,3 +51,7 @@ allow platform_app surfaceflinger_service:service_manager find;
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;
allow platform_app vr_manager_service:service_manager find;
# Access to /data/preloads
allow platform_app preloads_data_file:file r_file_perms;
allow platform_app preloads_data_file:dir r_dir_perms;
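Review bot: The comment `# Access to /data/preloads` understates how narrow the grant is, since `r_file_perms` and `r_dir_perms` give read-only access with no write or execute. I would word it `# Read-only access to /data/preloads` so a later editor does not widen the rule by accident. The same comment and rule pair appears in the priv_app hunk that follows, and the same wording change applies there.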
......@@ -92,6 +92,10 @@ allow priv_app update_engine_service:service_manager find;
# Allow Phone to read/write cached ringtones (opened by system).
allow priv_app ringtone_file:file { getattr read write };
# Access to /data/preloads
allow priv_app preloads_data_file:file r_file_perms;
allow priv_app preloads_data_file:dir r_dir_perms;
###
### neverallow rules
###
......
......@@ -522,6 +522,10 @@ allow system_server postinstall:fifo_file write;
allow system_server update_engine:fd use;
allow system_server update_engine:fifo_file write;
# Access to /data/preloads
allow system_server preloads_data_file:file { r_file_perms unlink };
allow system_server preloads_data_file:dir { r_dir_perms write remove_name };
###
### Neverallow rules
###
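Review bot: The directory rule grants `write remove_name` but not `rmdir`, while the file_contexts entry `/data/preloads(/.*)?` labels subdirectories with the same type. As written, system_server can delete files but would be denied when removing a nested directory. If the tree is meant to be flat, the comment should say so, for example `# Read and delete files in /data/preloads (flat directory, no rmdir)`. If subdirectories are expected, the rule would need `allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };`. The existing comment also says only "Access" although the grant includes deletion.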
......