author | Jaihind Yadav <jaihindyadav@codeaurora.org> | 2019-08-20 16:54:33 +0530 |
---|---|---|
committer | Jaihind Yadav <jaihindyadav@codeaurora.org> | 2019-09-05 11:36:15 +0530 |
commit | 2450cae4405ee239020d809e472d2b23ee12e5e8 (patch) | |
tree | 3afd4a281be46c8fe63bfff61948b3d5de6846f8 | |
parent | eee010c2cfb96f3210ebf79701d5a8f1328bcfdd (diff) | |
sepolicy: adding vendor_persist_type attribute.
Adding a neverallow so that coredomain cannot access persist files.
Change-Id: If8ab44db78e08e347cb33239bf2544c22c362b5b
-rw-r--r-- | generic/vendor/common/attributes | 1 | ||||
-rw-r--r-- | generic/vendor/common/domain.te | 7 | ||||
-rw-r--r-- | generic/vendor/common/file.te | 3 | ||||
-rw-r--r-- | generic/vendor/common/system_server.te | 3 |
4 files changed, 11 insertions, 3 deletions
diff --git a/generic/vendor/common/attributes b/generic/vendor/common/attributes
index b2bc687e..964e7542 100644
--- a/generic/vendor/common/attributes
+++ b/generic/vendor/common/attributes
@@ -59,3 +59,4 @@ attribute hal_capabilityconfigstore_qti_server;
 attribute hal_dataconnection_qti;
 attribute hal_dataconnection_qti_client;
 attribute hal_dataconnection_qti_server;
+
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te
index 8e44c3f5..4e8595b8 100644
--- a/generic/vendor/common/domain.te
+++ b/generic/vendor/common/domain.te
@@ -50,3 +50,10 @@ dontaudit domain kernel:system module_request;
 # For compliance testing test suite reads vendor_security_path_level
 # Which is the public readable property “ ro.vendor.build.security_patch
 get_prop(domain, vendor_security_patch_level_prop)
+neverallow {
+ coredomain
+ -init
+ -ueventd
+ -vold
+ -kernel
+ } vendor_persist_type: { dir file } *;
diff --git a/generic/vendor/common/file.te b/generic/vendor/common/file.te
index c2ece051..7aaf1497 100644
--- a/generic/vendor/common/file.te
+++ b/generic/vendor/common/file.te
@@ -109,6 +109,9 @@ type vendor_audio_data_file, file_type, data_file_type;
 type vendor_radio_data_file, file_type, data_file_type;
 type wifi_vendor_log_data_file, file_type, data_file_type;
+#for mount of /persist
+typeattribute mnt_vendor_file vendor_persist_type;
+
 type persist_file, file_type, vendor_persist_type;
 type persist_data_file, file_type , vendor_persist_type;
 type persist_display_file, file_type;
diff --git a/generic/vendor/common/system_server.te b/generic/vendor/common/system_server.te
index 3cc14a45..bfa0259f 100644
--- a/generic/vendor/common/system_server.te
+++ b/generic/vendor/common/system_server.te
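Review bot: The class set on the new neverallow in domain.te, `{ dir file }`, leaves symlinks, sockets, FIFOs and device nodes labelled with a `vendor_persist_type` type outside the assertion, so a later `allow` for a core domain on one of those classes would still compile. If the intent is that core domains never touch persist at all, the last line could read `} vendor_persist_type:dir_file_class_set *;`. The rule also has no comment; something like `# Core domains must not access vendor persist data; init, ueventd, vold and kernel are exempt because <reason>` would record why each exemption exists, `-kernel` in particular.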
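Review bot: Only `mnt_vendor_file`, `persist_file` and `persist_data_file` carry `vendor_persist_type` in the file.te hunk; `persist_display_file` in the trailing context is declared with `file_type` alone, and `persist_sensors_file`, whose system_server rules this commit removes, is not visibly tagged either (its declaration is outside the hunk). Types without the attribute are not covered by the neverallow in domain.te, so the removed system_server access to them could be re-added without a build failure. If the remaining persist_* types are meant to be covered, add the attribute to their declarations, e.g. `type persist_display_file, file_type, vendor_persist_type;`, or leave a comment stating why they are excluded.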
@@ -34,9 +34,6 @@ binder_call(system_server, hal_graphics_composer)
 # location
 binder_call(system_server, location);
-allow system_server persist_file:dir search;
-allow system_server persist_sensors_file:dir search;
-allow system_server persist_sensors_file:file r_file_perms;
 allow system_server wlan_device:chr_file rw_file_perms;
 allow system_server hal_audio_default:file w_file_perms; |