Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

review partition related operation

Browse source 
Bug: 254378739
Test: boot with no relevant avc error
Change-Id: I31ee3a7654e759fb19d90fa9ec05d493660c3741
This commit is contained in:
Adam Shih 2022-11-21 11:15:51 +08:00
parent 8cc9ed0404
commit 91f7e4c62e
6 changed files with 13 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

8
legacy/whitechapel_pro/e2fs.te
View file

@ -1,8 +0,0 @@
allow e2fs persist_block_device:blk_file rw_file_perms;
allow e2fs efs_block_device:blk_file rw_file_perms;
allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
};
allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
allow e2fs sysfs_scsi_devices_0000:file r_file_perms;

8
legacy/whitechapel_pro/fastbootd.te
View file

@ -1,8 +0,0 @@
# Required by the bootcontrol HAL for the 'set_active' command.
recovery_only(`
allow fastbootd devinfo_block_device:blk_file rw_file_perms;
allow fastbootd sda_block_device:blk_file rw_file_perms;
allow fastbootd sysfs_ota:file rw_file_perms;
allow fastbootd citadel_device:chr_file rw_file_perms;
allow fastbootd st54spi_device:chr_file rw_file_perms;
')

11
legacy/whitechapel_pro/init.te
View file

@ -1,14 +1,3 @@
allow init mnt_vendor_file:dir mounton;
allow init custom_ab_block_device:lnk_file relabelto;
# This is needed for chaining a boot partition vbmeta
# descriptor, where init will probe the boot partition
# to read the chained vbmeta in the first-stage, then
# relabel /dev/block/by-name/boot_[a|b] to block_device
# after loading sepolicy in the second stage.
allow init boot_block_device:lnk_file relabelto;
allow init persist_file:dir mounton;
allow init ram_device:blk_file w_file_perms; allow init ram_device:blk_file w_file_perms;
allow init sysfs_scsi_devices_0000:file w_file_perms; allow init sysfs_scsi_devices_0000:file w_file_perms;

1
tracking_denials/permissive.te
View file

@ -1,4 +1,5 @@
userdebug_or_eng(` userdebug_or_eng(`
permissive pixelstats_vendor; permissive pixelstats_vendor;
permissive logger_app; permissive logger_app;
permissive fastbootd;
') ')

12
vendor/init.te vendored Normal file
View file

@ -0,0 +1,12 @@
allow init mnt_vendor_file:dir mounton;
allow init custom_ab_block_device:lnk_file relabelto;
# This is needed for chaining a boot partition vbmeta
# descriptor, where init will probe the boot partition
# to read the chained vbmeta in the first-stage, then
# relabel /dev/block/by-name/boot_[a|b] to block_device
# after loading sepolicy in the second stage.
allow init boot_block_device:lnk_file relabelto;
allow init persist_file:dir mounton;

1
legacy/whitechapel_pro/update_engine.te → vendor/update_engine.te vendored
View file

@ -1,3 +1,2 @@
allow update_engine custom_ab_block_device:blk_file rw_file_perms; allow update_engine custom_ab_block_device:blk_file rw_file_perms;
allow update_engine modem_block_device:blk_file rw_file_perms; allow update_engine modem_block_device:blk_file rw_file_perms;
allow update_engine proc_bootconfig:file r_file_perms;