-
- Downloads
/proc, /sys access from uncrypt, update_engine, postinstall_dexopt
New types: 1. proc_random 2. sysfs_dt_firmware_android Labeled: 1. /proc/sys/kernel/random as proc_random. 2. /sys/firmware/devicetree/base/firmware/android/{compatible, fstab, vbmeta} as sysfs_dt_firmware_android. Changed access: 1. uncrypt, update_engine, postinstall_dexopt have access to generic proc and sysfs labels removed. 2. appropriate permissions were added to uncrypt, update_engine, update_engine_common, postinstall_dexopt. Bug: 67416435 Bug: 67416336 Test: fake ota go/manual-ab-ota runs without denials Test: adb sideload runs without denials to new types Change-Id: Id31310ceb151a18652fcbb58037a0b90c1f6505a
Showing
- private/compat/26.0/26.0.cil 15 additions, 1 deletionprivate/compat/26.0/26.0.cil
- private/genfs_contexts 2 additions, 0 deletionsprivate/genfs_contexts
- public/file.te 2 additions, 0 deletionspublic/file.te
- public/postinstall_dexopt.te 1 addition, 1 deletionpublic/postinstall_dexopt.te
- public/recovery.te 0 additions, 2 deletionspublic/recovery.te
- public/uncrypt.te 1 addition, 1 deletionpublic/uncrypt.te
- public/update_engine.te 1 addition, 5 deletionspublic/update_engine.te
- public/update_engine_common.te 7 additions, 0 deletionspublic/update_engine_common.te
Loading
Please register or sign in to comment