Skip to content
Snippets Groups Projects
Normal view Permalink
dumpstate.te 727 B
Newer Older
  • Learn to ignore specific revisions
    • dcashman's avatar
    Split general policy into public and private components.
    dcashman committed
    1 2 3 4 5 6 
    # type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
init_daemon_domain(dumpstate)

# Execute and transition to the vdc domain
domain_auto_trans(dumpstate, vdc_exec, vdc)
    dcashman's avatar
    sepolicy: add version_policy tool and version non-platform policy.  
    dcashman committed
    7 8 9 10 11 12 13 14 15 
    
# TODO: deal with tmpfs_domain pub/priv split properly
allow dumpstate dumpstate_tmpfs:file execute;

# systrace support - allow atrace to run
allow dumpstate debugfs_tracing:dir r_dir_perms;
allow dumpstate debugfs_tracing:file rw_file_perms;
allow dumpstate debugfs_trace_marker:file getattr;
allow dumpstate atrace_exec:file rx_file_perms;
    ynwang's avatar
    Storaged permissions for task I/O  
    ynwang committed
    16 17 18 19 
    allow dumpstate storaged_exec:file rx_file_perms;

# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)