Commit 02580440 authored by Tri Vo's avatar Tri Vo Committed by Gerrit Code Review

Merge "Move update_engine rules out of update_engine_common.te"

parents c5e32208 fd7da7b2
...@@ -39,3 +39,13 @@ allow update_engine ota_package_file:dir r_dir_perms; ...@@ -39,3 +39,13 @@ allow update_engine ota_package_file:dir r_dir_perms;
# Use Boot Control HAL # Use Boot Control HAL
hal_client_domain(update_engine, hal_bootctl) hal_client_domain(update_engine, hal_bootctl)
# access /proc/misc and /proc/sys/kernel/random/boot_id
allow update_engine proc:file r_file_perms;
allow update_engine proc_misc:file r_file_perms;
# read directories on /system and /vendor
allow update_engine system_file:dir r_dir_perms;
# Read files in /sys
r_dir_file(update_engine, sysfs)
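Review bot: The last added line, `r_dir_file(update_engine, sysfs)`, is not a verbatim move: the line removed from the other file in this commit is `r_dir_file(uncrypt, sysfs)`, so as far as this page shows update_engine gains read access to everything labelled `sysfs` while uncrypt loses that grant there. If the domain change is intended, the commit message should say so, and it is worth confirming that uncrypt still gets the sysfs access it needs from its own policy file, which is not visible here. Separately, `allow update_engine proc:file r_file_perms;` is wider than its comment, which names only /proc/misc and /proc/sys/kernel/random/boot_id; I would add `# TODO: narrow proc:file and sysfs reads to dedicated types` above it so the broad grants stay tracked.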
...@@ -37,13 +37,3 @@ allow update_engine_common shell_exec:file rx_file_perms; ...@@ -37,13 +37,3 @@ allow update_engine_common shell_exec:file rx_file_perms;
# Allow update_engine_common to suspend, resume and kill the postinstall program. # Allow update_engine_common to suspend, resume and kill the postinstall program.
allow update_engine_common postinstall:process { signal sigstop sigkill }; allow update_engine_common postinstall:process { signal sigstop sigkill };
# access /proc/misc and /proc/sys/kernel/random/boot_id
allow update_engine proc:file r_file_perms;
allow update_engine proc_misc:file r_file_perms;
# read directories on /system and /vendor
allow update_engine system_file:dir r_dir_perms;
# Read files in /sys
r_dir_file(uncrypt, sysfs)