Allow vendor_init to write to misc_block_device am: db465285 am: 4af9448a

am: 5d8aba8b Change-Id: I970508c74a120fc8a426c095ce5c6d611d48f5bd

Allow vendor_init to write to misc_block_device am: db465285 am: 4af9448a
am: 5d8aba8b Change-Id: I970508c74a120fc8a426c095ce5c6d611d48f5bd
77e2a3ac · Tom Cherry · android-build-merger · 7e0f8a37 · 5d8aba8b · 77e2a3ac
Commit 77e2a3ac authored 6 years ago by Tom Cherry Committed by android-build-merger 6 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -600,6 +600,7 @@ neverallow {
  -init
  -uncrypt
  -update_engine
+  -vendor_init
  -vold
  -recovery
  -ueventd

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -146,6 +146,9 @@ allow vendor_init serialno_prop:file { getattr open read };
 # Vendor init can perform operations on trusted and security Extended Attributes
 allow vendor_init self:global_capability_class_set sys_admin;

+# Raw writes to misc block device
+allow vendor_init misc_block_device:blk_file w_file_perms;
+
 not_compatible_property(`
    set_prop(vendor_init, {
      property_type