convert_to_f2fs.sh: add sepolicy

Add entries for convert_to_f2fs.sh executable. Bug: 202511062 Signed-off-by: Konstantin Vyshetsky <vkon@google.com> Change-Id: I76ca5e169efec06f7a856e3938f50cfee5e6a7f3
2021-10-11 16:31:56 -07:00 · 2021-10-11 16:31:56 -07:00 · 54b0addb16
commit 54b0addb16
parent dfbc96da03
2 changed files with 11 additions and 0 deletions
--- a/whitechapel_pro/convert-to-f2fs-sh.te
+++ b/whitechapel_pro/convert-to-f2fs-sh.te
@ -0,0 +1,10 @@
+type convert-to-f2fs-sh, domain;
+
+type convert-to-f2fs-sh_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(convert-to-f2fs-sh)
+
+allow convert-to-f2fs-sh vendor_file:file execute_no_trans;
+allow convert-to-f2fs-sh persist_block_device:blk_file r_file_perms;
+allow convert-to-f2fs-sh block_device:dir search;
+allow convert-to-f2fs-sh kernel:process setsched;
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@ -14,6 +14,7 @@
 /vendor/bin/init\.insmod\.sh                                                u:object_r:init-insmod-sh_exec:s0
 /vendor/bin/trusty_apploader                                                u:object_r:trusty_apploader_exec:s0
 /vendor/bin/trusty_metricsd                                                 u:object_r:trusty_metricsd_exec:s0
+/vendor/bin/convert_to_f2fs\.sh                                             u:object_r:convert-to-f2fs-sh_exec:s0
 /vendor/bin/hw/samsung\.hardware\.media\.c2@1\.0-service                    u:object_r:mediacodec_samsung_exec:s0
 /vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service                     u:object_r:mediacodec_google_exec:s0
 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto           u:object_r:hal_secure_element_gto_exec:s0