diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2019-07-16 02:55:33 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-07-16 02:55:33 +0000 |
| commit | 0defd4f424055c8449ee07269bb14e7fc6873040 (patch) | |
| tree | 96aebf4ccdada92edef2dbca89c8752469e59f39 | |
| parent | 097deb63acdc1e491a76aa04de2acf1d1fcd51f4 (diff) | |
| parent | eb1cf76b70f74ae5d2ab60a5e50f37f2fd740d4b (diff) | |
| download | android_system_sepolicy-lineage-17.0.tar.gz android_system_sepolicy-lineage-17.0.tar.bz2 android_system_sepolicy-lineage-17.0.zip | |
Merge cherrypicks of [8662136, 8662137, 8660337, 8660601, 8660073, 8660074, 8660602, 8662138, 8660127] into qt-releaselineage-17.0
Change-Id: I37d65a3b4f59c46ec86b742b39f3582f411fcf82
| -rw-r--r-- | prebuilts/api/29.0/private/migrate_legacy_obb_data.te | 8 | ||||
| -rw-r--r-- | private/migrate_legacy_obb_data.te | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te index 4bc1e2c6..b2a1fb10 100644 --- a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te +++ b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te @@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms; allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid }; +allow migrate_legacy_obb_data mnt_user_file:dir search; +allow migrate_legacy_obb_data mnt_user_file:lnk_file read; +allow migrate_legacy_obb_data storage_file:dir search; +allow migrate_legacy_obb_data storage_file:lnk_file read; + +allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms; +allow migrate_legacy_obb_data sdcard_type:file create_file_perms; + # TODO: This should not be necessary. We don't deliberately hand over # any open file descriptors to this domain, so anything that triggers this # should be a candidate for O_CLOEXEC. diff --git a/private/migrate_legacy_obb_data.te b/private/migrate_legacy_obb_data.te index 4bc1e2c6..b2a1fb10 100644 --- a/private/migrate_legacy_obb_data.te +++ b/private/migrate_legacy_obb_data.te @@ -10,6 +10,14 @@ allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms; allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid }; +allow migrate_legacy_obb_data mnt_user_file:dir search; +allow migrate_legacy_obb_data mnt_user_file:lnk_file read; +allow migrate_legacy_obb_data storage_file:dir search; +allow migrate_legacy_obb_data storage_file:lnk_file read; + +allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms; +allow migrate_legacy_obb_data sdcard_type:file create_file_perms; + # TODO: This should not be necessary. We don't deliberately hand over # any open file descriptors to this domain, so anything that triggers this # should be a candidate for O_CLOEXEC. |