Skip to content
Snippets Groups Projects
Commit 8b3f4c5b authored by Tianjie Xu's avatar Tianjie Xu
Browse files

Gives recovery-persist access to /cache/recovery

Recovery-persist now parses the file /cache/recovery/last_install; and
unlinks it after reporting metrics. Sets up the permission accordingly;
also grants access to /cache if it's a symlink (useful for a/b devices.)

Denials:
recovery-persis: type=1400 audit(0.0:7): avc: denied { write } for name="recovery"
dev="sda35" ino=5275650 scontext=u:r:recovery_persist:s0
tcontext=u:object_r:cache_recovery_file:s0 tclass=dir permissive=0
recovery-persis: type=1400 audit(0.0:7): avc: denied { search } for name="recovery"
dev="sda35" ino=5275650 scontext=u:r:recovery_persist:s0
tcontext=u:object_r:cache_recovery_file:s0 tclass=dir permissive=0
recovery-persis: type=1400 audit(0.0:8): avc: denied { search } for name="recovery"
dev="sda35" ino=5275650 scontext=u:r:recovery_persist:s0
tcontext=u:object_r:cache_recovery_file:s0 tclass=dir permissive=0
recovery-persis: type=1400 audit(0.0:8): avc: denied { read } for name="cache"
dev="dm-0" ino=2991 scontext=u:r:recovery_persist:s0
tcontext=u:object_r:cache_file:s0 tclass=lnk_file permissive=0

Bug: 114278989
Test: checks the metrics report on devices with /cache
Change-Id: Iacb5606710e26922a9fbb2d2abacf8333d6df084
parent 275ea12d
No related branches found
No related tags found
No related merge requests found
......@@ -8,6 +8,11 @@ allow recovery_persist pstorefs:file r_file_perms;
allow recovery_persist recovery_data_file:file create_file_perms;
allow recovery_persist recovery_data_file:dir create_dir_perms;
allow recovery_persist cache_file:dir search;
allow recovery_persist cache_file:lnk_file read;
allow recovery_persist cache_recovery_file:dir rw_dir_perms;
allow recovery_persist cache_recovery_file:file { r_file_perms unlink };
###
### Neverallow rules
###
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment