Merge "Move update_engine rules out of update_engine_common.te"

am: 02580440 Change-Id: I9d772751cf8b03dc5ab0e68003d0d2dbd03568c8

Merge "Move update_engine rules out of update_engine_common.te"
4ba3328c · Tri Vo · android-build-merger · 2b13b74a · 02580440 · 4ba3328c
Commit 4ba3328c authored 7 years ago by Tri Vo Committed by android-build-merger 7 years ago
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -39,3 +39,13 @@ allow update_engine ota_package_file:dir r_dir_perms;

 # Use Boot Control HAL
 hal_client_domain(update_engine, hal_bootctl)
+
+# access /proc/misc and /proc/sys/kernel/random/boot_id
+allow update_engine proc:file r_file_perms;
+allow update_engine proc_misc:file r_file_perms;
+
+# read directories on /system and /vendor
+allow update_engine system_file:dir r_dir_perms;
+
+# Read files in /sys
+r_dir_file(update_engine, sysfs)
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -37,13 +37,3 @@ allow update_engine_common shell_exec:file rx_file_perms;

 # Allow update_engine_common to suspend, resume and kill the postinstall program.
 allow update_engine_common postinstall:process { signal sigstop sigkill };
-
-# access /proc/misc and /proc/sys/kernel/random/boot_id
-allow update_engine proc:file r_file_perms;
-allow update_engine proc_misc:file r_file_perms;
-
-# read directories on /system and /vendor
-allow update_engine system_file:dir r_dir_perms;
-
-# Read files in /sys
-r_dir_file(uncrypt, sysfs)