Allow vendor_init to write to misc_block_device

Vendors may use this to write custom messages to their bootloader, and as the bootloader is under vendor control, this makes sense to allow. Bug: 77881566 Test: build Merged-In: I78f80400e5f386cad1327a9209ee1afc8e334e56 Change-Id: I78f80400e5f386cad1327a9209ee1afc8e334e56 (cherry picked from commit db465285)

Allow vendor_init to write to misc_block_device
1f6018ea · Tom Cherry · dc3e1dad · 1f6018ea · 1f6018ea
Commit 1f6018ea authored 6 years ago by Tom Cherry
--- a/public/domain.te
+++ b/public/domain.te
@@ -597,6 +597,7 @@ neverallow {
  -init
  -uncrypt
  -update_engine
+  -vendor_init
  -vold
  -recovery
  -ueventd

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -146,6 +146,9 @@ allow vendor_init serialno_prop:file { getattr open read };
 # Vendor init can perform operations on trusted and security Extended Attributes
 allow vendor_init self:global_capability_class_set sys_admin;
+# Raw writes to misc block device
+allow vendor_init misc_block_device:blk_file w_file_perms;
 not_compatible_property(`
    set_prop(vendor_init, {
      property_type