author | Ravi Kumar Siddojigari <rsiddoji@codeaurora.org> | 2014-11-19 17:32:24 +0530 |
---|---|---|
committer | Ricardo Cerqueira <ricardo@cyngn.com> | 2015-02-11 23:16:08 +0000 |
commit | 077da1cf6e2d9457349f2ddcc7531b9882d2f01d (patch) | |
tree | 6a017e798a05e5a5caa2d40908f9e4432c3390a7 | |
parent | ba4296f79d9f40f4a8d14b0580335b1a1d4946ac (diff) | |
SEAndroid: Updated vold domain related policystable/cm-12.0-YNG4Nstable/cm-12.0-YNG3Cstable/cm-12.0-YNG1TAstable/cm-12.0-YNG1Tstable/cm-12.0-YNG1Icm-12.0
Updated the vold domain policy where it needs access
to dirty_ratio in proc, and updated the kernel rules where it needs
access to the blk file on the vold device node
Change-Id: I0aca64860530d291e4c3a374e82a7d623498aa28
-rw-r--r-- | file.te | 3 | ||||
-rw-r--r-- | genfs_contexts | 1 | ||||
-rw-r--r-- | kernel.te | 3 | ||||
-rw-r--r-- | vold.te | 3 |
4 files changed, 10 insertions, 0 deletions
@@ -156,6 +156,9 @@ type zygote_socket, file_type; # UART (for GPS) control proc file type gps_control, file_type; +# Used by vold +type proc_dirty_ratio, fs_type; + # Allow files to be created in their appropriate filesystems. allow fs_type self:filesystem associate; allow sysfs_type sysfs:filesystem associate; diff --git a/genfs_contexts b/genfs_contexts index 31b7e4f..b9c6f3f 100644 --- a/genfs_contexts +++ b/genfs_contexts @@ -20,6 +20,7 @@ genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0 genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0 genfscon proc /sys/net u:object_r:proc_net:s0 genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0 +genfscon proc /sys/vm/dirty_ratio u:object_r:proc_dirty_ratio:s0 # selinuxfs booleans can be individually labeled. genfscon selinuxfs / u:object_r:selinuxfs:s0 genfscon cgroup / u:object_r:cgroup:s0 @@ -65,3 +65,6 @@ neverallow domain kernel:process { transition dyntransition }; # - You are running an exploit which switched to the init task credentials # and is then trying to exec a shell or other program. You lose! neverallow kernel { file_type fs_type -rootfs }:file { entrypoint execute_no_trans }; + +# For UMS full-device exports +allow kernel block_device:blk_file r_file_perms; @@ -91,3 +91,6 @@ binder_call(vold, healthd) # talk to keymaster allow vold tee_device:chr_file rw_file_perms; +# For UMS tuning +allow vold proc_dirty_ratio:file rw_file_perms; + |
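Review bot: The rule added in the `@@ -65,3 +65,6 @@` hunk (kernel.te per the diffstat), `allow kernel block_device:blk_file r_file_perms;`, lets the kernel domain read every block node carrying the generic `block_device` label, whereas the commit description asks only for the block file on the vold device node. If the UMS export only needs the nodes vold manages, give those nodes a dedicated type and scope the rule to it, e.g. `allow kernel <vold_node_type>:blk_file r_file_perms;` (placeholder name; use whatever type this tree assigns to vold's nodes). The comment `# For UMS full-device exports` should also say which device nodes are meant, so a later audit of kernel-domain grants can tell whether the breadth is intentional. The rule is appended right after the `neverallow kernel ...` block, so it is worth confirming in review that no partition holding sensitive data stays labelled `block_device` on the target devices.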