author Stephen Smalley <sds@tycho.nsa.gov> 2014-09-11 08:50:04 -0400
committer Nick Kralevich <nnk@google.com> 2014-09-19 19:01:32 -0700
commit dd053a9b891195439b1c0848cb0e8a6e17b4b9bc
tree 9e2005327c52684aae9dbc6a4a620ae36c12a170
parent f37ce3f3e2ad68da61f709567cd166a83316e3f3
Define types for userdata and cache block devices.

Introduce separate types for the userdata and cache block devices so that we can assign them and allow access to them in device-specific policy without allowing access to any other block device (e.g. system). These types will only be used if assigned to device node paths in the device-specific file_contexts configuration. Otherwise, this change will have no impact - the userdata and cache block devices will continue to default to block_device type.

To avoid breakage when these new types are assigned to the userdata block device, allow access by vold and uncrypt, but auditallow these accesses to confirm that these are required.

Change-Id: I99d24f06506f51ebf1d186d9c393b3cad60e98d7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Diffstat (limited to 'device.te')
-rw-r--r-- device.te 6
1 files changed, 6 insertions, 0 deletions
diff --git a/device.te b/device.te
index adee1d7..788d9cb 100644
--- a/device.te
+++ b/device.te
@@ -67,3 +67,9 @@ type root_block_device, dev_type;
# factory reset protection block device
type frp_block_device, dev_type;
+
+# Userdata block device mounted on /data.
+type userdata_block_device, dev_type;
+
+# Cache block device mounted on /cache.
+type cache_block_device, dev_type;
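
Review bot: the comments on the two new declarations (userdata_block_device and cache_block_device) say what each device is mounted on, but not that the type has no effect until a device-specific file_contexts entry assigns it to a device node, which the commit message states. Suggest carrying that into the comments, for example "# Userdata block device mounted on /data; only used if assigned in device-specific file_contexts.", so a reader of device.te does not assume the node is already labelled and write allow rules against a type that nothing carries. The vold and uncrypt allow/auditallow rules the commit message mentions are not visible in this device.te-limited view, so they need to be reviewed in the full patch, and the auditallow rules are worth a note on when they will be revisited once the accesses are confirmed.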