sepolicy: Define and allow map permission for vendor dir am: 24537b2e am:...

sepolicy: Define and allow map permission for vendor dir am: 24537b2e am: e63f7f32 am: 01cd12a0 am: d15ac5ba am: e2e16219 Change-Id: I8abc5d597d6ac567443996060eec005c982570ae

sepolicy: Define and allow map permission for vendor dir am: 24537b2e am:...
db40569e · John Stultz · android-build-merger · f0c76468 · e2e16219 · db40569e
Commit db40569e authored 7 years ago by John Stultz Committed by android-build-merger 7 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -106,7 +106,7 @@ allow domain system_file:lnk_file { getattr read };
 # devices
 not_full_treble(`
    allow domain vendor_file_type:dir { search getattr };
-    allow domain vendor_file_type:file { execute read open getattr };
+    allow domain vendor_file_type:file { execute read open getattr map };
    allow domain vendor_file_type:lnk_file { getattr read };
 ')
@@ -117,12 +117,12 @@ allow domain vendor_hal_file:dir r_dir_perms;
 # Everyone can read and execute all same process HALs
 allow domain same_process_hal_file:dir r_dir_perms;
-allow domain same_process_hal_file:file { execute read open getattr };
+allow domain same_process_hal_file:file { execute read open getattr map };
 # Any process can load vndk-sp libraries, which are system libraries
 # used by same process HALs
 allow domain vndk_sp_file:dir r_dir_perms;
-allow domain vndk_sp_file:file { execute read open getattr };
+allow domain vndk_sp_file:file { execute read open getattr map };
 # All domains get access to /vendor/etc
 allow domain vendor_configs_file:dir r_dir_perms;
@@ -139,7 +139,7 @@ full_treble_only(`
    # Allow reading and executing out of /vendor to all vendor domains
    allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
-    allow { domain -coredomain } vendor_file_type:file { read open getattr execute };
+    allow { domain -coredomain } vendor_file_type:file { read open getattr execute map };
    allow { domain -coredomain } vendor_file_type:lnk_file { getattr read };
 ')

--- a/public/te_macros
+++ b/public/te_macros
@@ -236,7 +236,7 @@ typeattribute $1 $2;
 # Find passthrough HAL implementations
 allow $2 system_file:dir r_dir_perms;
 allow $2 vendor_file:dir r_dir_perms;
-allow $2 vendor_file:file { read open getattr execute };
+allow $2 vendor_file:file { read open getattr execute map };
 ')
 ')
@@ -255,7 +255,7 @@ typeattribute $1 $2;
 # Find passthrough HAL implementations
 allow $2 system_file:dir r_dir_perms;
 allow $2 vendor_file:dir r_dir_perms;
-allow $2 vendor_file:file { read open getattr execute };
+allow $2 vendor_file:file { read open getattr execute map };
 ')
 #####################################