review mount and block devices
Bug: 196916111 Test: make sure all paths under ufs are labeled Change-Id: Ic3e07e7341f838f54c483ab8b272407a70f1f8f2
parent
ee0c81fbc6
commit
91d989bca4
9 changed files with 43 additions and 49 deletions
|
@ -10,7 +10,6 @@ type vendor_m2m1shot_device, dev_type;
|
|||
type vendor_nanohub_device, dev_type;
|
||||
type vendor_secmem_device, dev_type;
|
||||
type vendor_toe_device, dev_type;
|
||||
type custom_ab_block_device, dev_type;
|
||||
|
||||
# usbpd
|
||||
type logbuffer_device, dev_type;
|
||||
|
|
|
@ -31,40 +31,6 @@
|
|||
#
|
||||
# Exynos Block Devices
|
||||
#
|
||||
/dev/block/platform/14700000\.ufs/by-name/cache u:object_r:cache_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/fat u:object_r:fat_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/system u:object_r:system_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor u:object_r:vendor_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/acpm_test_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtb_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ect_test_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/hypervisor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/keystorage_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/reclaim_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
|
||||
|
||||
#
|
||||
|
|
|
@ -1,15 +1,3 @@
|
|||
allow init custom_ab_block_device:lnk_file relabelto;
|
||||
|
||||
# This is needed for chaining a boot partition vbmeta
|
||||
# descriptor, where init will probe the boot partition
|
||||
# to read the chained vbmeta in the first-stage, then
|
||||
# relabel /dev/block/by-name/boot_[a|b] to block_device
|
||||
# after loading sepolicy in the second stage.
|
||||
allow init boot_block_device:lnk_file relabelto;
|
||||
|
||||
allow init persist_file:dir mounton;
|
||||
allow init modem_efs_file:dir mounton;
|
||||
allow init modem_userdata_file:dir mounton;
|
||||
allow init ram_device:blk_file w_file_perms;
|
||||
allow init per_boot_file:file ioctl;
|
||||
allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
allow vold sysfs_scsi_devices_0000:file rw_file_perms;
|
||||
allow vold modem_efs_file:dir rw_dir_perms;
|
||||
allow vold modem_userdata_file:dir rw_dir_perms;
|
||||
|
||||
dontaudit vold dumpstate:fifo_file rw_file_perms;
|
||||
dontaudit vold dumpstate:fd { use };
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
type sda_block_device, dev_type, bdev_type;
|
||||
type devinfo_block_device, dev_type, bdev_type;
|
||||
type modem_block_device, dev_type, bdev_type;
|
||||
type custom_ab_block_device, dev_type, bdev_type;
|
||||
|
|
|
@ -21,8 +21,34 @@
|
|||
/dev/umts_router u:object_r:radio_device:s0
|
||||
/dev/socket/chre u:object_r:chre_socket:s0
|
||||
/dev/block/sda u:object_r:sda_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||
|
||||
# Data
|
||||
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||
|
|
|
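Review bot: `custom_ab_block_device` is applied here as a single label to the bootloader stages (`bl1`, `bl2`, `bl31`, `abl`, `pbl`), other firmware images (`tzsw`, `ldfw`, `gsa`, `pvmfw`) and every `vbmeta*` partition, so any rule later written against that type reaches all of them at once. A comment above the block would record that, for example `# custom_ab_block_device: shared label for A/B firmware and verified-boot partitions; keep rules on this type minimal`. The entries are also enumerated per name, and several names from the list shown earlier on this page (`keystorage_[ab]`, `hypervisor_[ab]`, `dtb_[ab]`, `cache`, `fat`) do not appear here. If any of those partitions exist on this device they would presumably fall back to a generic label, so the list is worth checking against the partition table rather than only against the previous file.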
@ -1,3 +1,16 @@
|
|||
allow init modem_img_file:dir mounton;
|
||||
allow init mnt_vendor_file:dir mounton;
|
||||
allow init modem_img_file:filesystem { getattr mount relabelfrom };
|
||||
allow init custom_ab_block_device:lnk_file relabelto;
|
||||
|
||||
# This is needed for chaining a boot partition vbmeta
|
||||
# descriptor, where init will probe the boot partition
|
||||
# to read the chained vbmeta in the first-stage, then
|
||||
# relabel /dev/block/by-name/boot_[a|b] to block_device
|
||||
# after loading sepolicy in the second stage.
|
||||
allow init boot_block_device:lnk_file relabelto;
|
||||
|
||||
allow init persist_file:dir mounton;
|
||||
allow init modem_efs_file:dir mounton;
|
||||
allow init modem_userdata_file:dir mounton;
|
||||
|
||||
|
|
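Review bot: The rule `allow init custom_ab_block_device:lnk_file relabelto;` has no comment, while the `boot_block_device` rule directly below it carries five lines explaining why init needs it. Since this type covers the firmware and vbmeta symlinks, a short justification belongs next to it, for example `# init relabels the by-name symlinks of the A/B firmware partitions after sepolicy is loaded` (wording to be confirmed by the author). The existing comment also says the boot symlink is relabeled "to block_device" although the rule names `boot_block_device`; aligning the two would avoid a misreading.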
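--- /dev/null
+++ b/whitechapel_pro/vold.te
@@ -0,0 +1,3 @@
+allow vold modem_efs_file:dir rw_dir_perms;
+allow vold modem_userdata_file:dir rw_dir_perms;
+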
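Review bot: Nothing in this new file says why vold needs write access to the `modem_efs_file` and `modem_userdata_file` directories; `rw_dir_perms` grants `write`, `add_name` and `remove_name` on top of read and search. If vold only has to open or walk these mount points (not visible from this page), the narrower form `allow vold modem_efs_file:dir r_dir_perms;` and its `modem_userdata_file` counterpart would be enough. Otherwise a one-line comment naming the vold operation that creates or removes entries there would let a later reviewer judge the grant.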