Skip to content
Snippets Groups Projects
Commit c1a23d04 authored by Yabin Cui's avatar Yabin Cui
Browse files

Allow init and vold writing misc block device. 

Bug: 27176738
Change-Id: Ib52bb94973d20591dd440cea42aadfa53d476848
parent 4a0c8036
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
init.te
+ 3
0
View file @ c1a23d04
...@@ -286,6 +286,9 @@ allow init unencrypted_data_file:dir create_dir_perms; ...@@ -286,6 +286,9 @@ allow init unencrypted_data_file:dir create_dir_perms;
unix_socket_connect(init, vold, vold) unix_socket_connect(init, vold, vold)
# Raw writes to misc block device
allow init misc_block_device:blk_file w_file_perms;
### ###
### neverallow rules ### neverallow rules
### ###
......
vold.te
+ 3
0
View file @ c1a23d04
...@@ -189,6 +189,9 @@ allow vold toolbox_exec:file rx_file_perms; ...@@ -189,6 +189,9 @@ allow vold toolbox_exec:file rx_file_perms;
allow vold user_profile_data_file:dir create_dir_perms; allow vold user_profile_data_file:dir create_dir_perms;
allow vold user_profile_foreign_dex_data_file:dir { getattr setattr }; allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };
# Raw writes to misc block device
allow vold misc_block_device:blk_file w_file_perms;
neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl }; neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr }; neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -vold -init } vold_data_file:dir *; neverallow { domain -vold -init } vold_data_file:dir *;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment