f24bfe8ca3
It keeps people from using my domain to do random things, which causes VTS failure like b/364989823. Bug: 371497180 Test: build pass and adb bugreport build fail when ag/28359861 is around. Change-Id: I438bf2b026718a46bb841ab5e656d11eec630960
12 lines
690 B
Text
12 lines
690 B
Text
# required permission to use tar to pack dumpsate_board.bin
|
|
allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
|
|
allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
|
|
allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
|
|
allow hal_dumpstate_default shell_data_file:file getattr;
|
|
set_prop(hal_dumpstate_default, vendor_logger_prop)
|
|
|
|
# All dumps that are executed via hal_dumpstate_default should use their
|
|
# own domain to request their permissions to achieve compartmentalization.
|
|
# go/pixel-bugreport has examples on how to do that.
|
|
neverallow hal_dumpstate_default { vendor_file_type -vendor_toolbox_exec }:file execute_no_trans;
|
|
|