Skip to content
Snippets Groups Projects
Normal view Permalink
update_verifier.te 314 B
Newer Older
  • Learn to ignore specific revisions
    • Tao Bao's avatar
    Allow update_verifier to access bootctrl_block_device.
    Tao Bao committed
    1 2 3 4 5 6 7 8 9 10 
    # update_verifier
type update_verifier, domain;
type update_verifier_exec, exec_type, file_type;

init_daemon_domain(update_verifier)

# Raw writes to bootctrl block device
allow update_verifier bootctrl_block_device:blk_file rw_file_perms;

# TODO: Add rules to allow update_verifier to read system_block_device.