Commit bb3ba3e5 authored by Paul Crowley's avatar Paul Crowley

Move more metadata policy from device to here

Test: booted metadata-encrypted device
Bug: 79781913
Change-Id: Ib4cb4a04145e5619994083da055f06fe7ae0137a
parent 4c2e89ba
...@@ -515,6 +515,12 @@ ...@@ -515,6 +515,12 @@
# LocalTransport (backup) uses this subtree # LocalTransport (backup) uses this subtree
/data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0 /data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
#############################
# Metadata files
#
/metadata(/.*)? u:object_r:metadata_file:s0
/metadata/vold(/.*)? u:object_r:vold_metadata_file:s0
############################# #############################
# asec containers # asec containers
/mnt/asec(/.*)? u:object_r:asec_apk_file:s0 /mnt/asec(/.*)? u:object_r:asec_apk_file:s0
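Review bot: The new `# Metadata files` header does not say why `/metadata/vold` gets its own type or that the order of the two entries matters. Both patterns are regexes, and among regex entries the later match in the file takes precedence, so `/metadata/vold(/.*)?` has to stay below `/metadata(/.*)?` or the subtree falls back to `metadata_file` without any build error. I would add a comment such as `# /metadata/vold is labelled separately so access to vold's files can be restricted; keep this entry after the /metadata catch-all`. The purpose of the subtree is inferred from the type name and the commit's test line, so the wording should be confirmed. The identical section further down the page would take the same comment.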
......
...@@ -477,6 +477,10 @@ allow init system_data_file:lnk_file r_file_perms; ...@@ -477,6 +477,10 @@ allow init system_data_file:lnk_file r_file_perms;
# For init to be able to run shell scripts from vendor # For init to be able to run shell scripts from vendor
allow init vendor_shell_exec:file execute; allow init vendor_shell_exec:file execute;
# Metadata setup
allow init vold_metadata_file:dir create_dir_perms;
allow init vold_metadata_file:file getattr;
### ###
### neverallow rules ### neverallow rules
### ###
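Review bot: `allow init vold_metadata_file:dir create_dir_perms;` grants init more than the `# Metadata setup` comment explains, since `create_dir_perms` also covers rename, rmdir and setattr on the directory. If init only has to create `/metadata/vold` at boot, say so in the comment, for example `# init creates /metadata/vold and may stat, but never read, the files vold keeps there`. Nothing visible in this hunk pins that intent, so unless the policy already has one elsewhere, a build-time assertion in the neverallow section that follows would keep a later change from widening it, something like `neverallow init vold_metadata_file:file { read write open };`. The identical section further down the page has the same gap.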
......
...@@ -515,6 +515,12 @@ ...@@ -515,6 +515,12 @@
# LocalTransport (backup) uses this subtree # LocalTransport (backup) uses this subtree
/data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0 /data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
#############################
# Metadata files
#
/metadata(/.*)? u:object_r:metadata_file:s0
/metadata/vold(/.*)? u:object_r:vold_metadata_file:s0
############################# #############################
# asec containers # asec containers
/mnt/asec(/.*)? u:object_r:asec_apk_file:s0 /mnt/asec(/.*)? u:object_r:asec_apk_file:s0
......
...@@ -477,6 +477,10 @@ allow init system_data_file:lnk_file r_file_perms; ...@@ -477,6 +477,10 @@ allow init system_data_file:lnk_file r_file_perms;
# For init to be able to run shell scripts from vendor # For init to be able to run shell scripts from vendor
allow init vendor_shell_exec:file execute; allow init vendor_shell_exec:file execute;
# Metadata setup
allow init vold_metadata_file:dir create_dir_perms;
allow init vold_metadata_file:file getattr;
### ###
### neverallow rules ### neverallow rules
### ###
......