diff --git a/vendor/device.te b/vendor/device.te index fdb49579..ee136aa8 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,6 +1,7 @@ type persist_block_device, dev_type; type tee_persist_block_device, dev_type; type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; @@ -20,3 +21,6 @@ type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; diff --git a/vendor/file.te b/vendor/file.te index 6498f828..81d41c1d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -50,6 +50,7 @@ userdebug_or_eng(` # sysfs type sysfs_fabric, sysfs_type, fs_type; type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; type sysfs_ospm, sysfs_type, fs_type; # GSA diff --git a/vendor/file_contexts b/vendor/file_contexts index 488cc407..ba6f2bcb 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,5 +1,6 @@ # Binaries /vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te new file mode 100644 index 00000000..2ffeb27f --- /dev/null +++ b/vendor/hal_bootctl_default.te @@ -0,0 +1,8 @@ +allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; +allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; +allow hal_bootctl_default sysfs_ota:file rw_file_perms; +allow hal_bootctl_default tee_device:chr_file rw_file_perms; + +recovery_only(` + allow hal_bootctl_default rootfs:dir r_dir_perms; +')