Skip to content
Snippets Groups Projects
Select Git revision
  • 1e8b8846119086e414403d0b3e23dfa0794b2faf
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

attributes

Blame
    • Alex Deymo's avatar
      7b8413db
      Move boot_control HAL permissions to an attribute. · 7b8413db
      Alex Deymo authored
      The boot_control HAL is library loaded by our daemons (like
      update_engine and update_verifier) that interacts with the bootloader.
      The actual implementation of this library is provided by the vendor and
      its runtime permissions are tied to this implementation which varies a
      lot based on how the bootloader and the partitions it uses are
      structured.
      
      This patch moves these permissions to an attribute so the attribute can
      be expanded on each device without the need to repeat that on each one
      of our daemons using the boot_control HAL.
      
      Bug: 27107517
      
      (cherry picked from commit 0f8d9261)
      
      Change-Id: Icb2653cb89812c0de81381ef48280e4ad1e9535c
      7b8413db
      History
      Move boot_control HAL permissions to an attribute.
      Alex Deymo authored
      The boot_control HAL is library loaded by our daemons (like
      update_engine and update_verifier) that interacts with the bootloader.
      The actual implementation of this library is provided by the vendor and
      its runtime permissions are tied to this implementation which varies a
      lot based on how the bootloader and the partitions it uses are
      structured.
      
      This patch moves these permissions to an attribute so the attribute can
      be expanded on each device without the need to repeat that on each one
      of our daemons using the boot_control HAL.
      
      Bug: 27107517
      
      (cherry picked from commit 0f8d9261)
      
      Change-Id: Icb2653cb89812c0de81381ef48280e4ad1e9535c
    incident_helper.te 614 B
    typeattribute incident_helper coredomain;
    
    type incident_helper_exec, exec_type, file_type;
    
    # switch to incident_helper domain for incident_helper command
    domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
    
    # use pipe to transmit data from/to incidentd/incident_helper for parsing
    allow incident_helper { shell incident incidentd }:fd use;
    allow incident_helper { shell incident incidentd }:fifo_file { getattr read write };
    
    # only allow incidentd and shell to call incident_helper
    neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };