Skip to content
Snippets Groups Projects
Normal view Permalink
sgdisk.te 539 B
Newer Older
  • Learn to ignore specific revisions
    • Jeff Sharkey's avatar
    Updated policy for external storage.
    Jeff Sharkey committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 
    # sgdisk called from vold
type sgdisk, domain;
type sgdisk_exec, exec_type, file_type;

# Allowed to read/write low-level partition tables
allow sgdisk block_device:dir search;
allow sgdisk vold_device:blk_file rw_file_perms;

# Allow stdin/out back to vold
allow sgdisk vold:fd use;
allow sgdisk vold:fifo_file { read write getattr };

# Only allow entry from vold
neverallow { domain -vold } sgdisk:process transition;
neverallow domain sgdisk:process dyntransition;
neverallow sgdisk { file_type fs_type -sgdisk_exec }:file entrypoint;