mirror of
https://github.com/Evolution-X-Devices/device_google_gs201
synced 2026-01-27 19:18:35 +00:00
review mount and block devices
Bug: 196916111 Test: make sure all path under ufs is labeled Change-Id: Ic3e07e7341f838f54c483ab8b272407a70f1f8f2
This commit is contained in:
Adam Shih
@@ -10,7 +10,6 @@ type vendor_m2m1shot_device, dev_type;
|
||||
type vendor_nanohub_device, dev_type;
|
||||
type vendor_secmem_device, dev_type;
|
||||
type vendor_toe_device, dev_type;
|
||||
type custom_ab_block_device, dev_type;
|
||||
|
||||
# usbpd
|
||||
type logbuffer_device, dev_type;
|
||||
|
||||
@@ -31,40 +31,6 @@
|
||||
#
|
||||
# Exynos Block Devices
|
||||
#
|
||||
/dev/block/platform/14700000\.ufs/by-name/cache u:object_r:cache_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/fat u:object_r:fat_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/system u:object_r:system_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor u:object_r:vendor_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/acpm_test_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtb_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ect_test_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/hypervisor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/keystorage_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/reclaim_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0
|
||||
|
||||
#
|
||||
|
||||
@@ -1,15 +1,3 @@
|
||||
allow init custom_ab_block_device:lnk_file relabelto;
|
||||
|
||||
# This is needed for chaining a boot partition vbmeta
|
||||
# descriptor, where init will probe the boot partition
|
||||
# to read the chained vbmeta in the first-stage, then
|
||||
# relabel /dev/block/by-name/boot_[a|b] to block_device
|
||||
# after loading sepolicy in the second stage.
|
||||
allow init boot_block_device:lnk_file relabelto;
|
||||
|
||||
allow init persist_file:dir mounton;
|
||||
allow init modem_efs_file:dir mounton;
|
||||
allow init modem_userdata_file:dir mounton;
|
||||
allow init ram_device:blk_file w_file_perms;
|
||||
allow init per_boot_file:file ioctl;
|
||||
allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
allow vold sysfs_scsi_devices_0000:file rw_file_perms;
|
||||
allow vold modem_efs_file:dir rw_dir_perms;
|
||||
allow vold modem_userdata_file:dir rw_dir_perms;
|
||||
|
||||
dontaudit vold dumpstate:fifo_file rw_file_perms;
|
||||
dontaudit vold dumpstate:fd { use };
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
type sda_block_device, dev_type, bdev_type;
|
||||
type devinfo_block_device, dev_type, bdev_type;
|
||||
type modem_block_device, dev_type, bdev_type;
|
||||
type custom_ab_block_device, dev_type, bdev_type;
|
||||
|
||||
@@ -21,8 +21,34 @@
|
||||
/dev/umts_router u:object_r:radio_device:s0
|
||||
/dev/socket/chre u:object_r:chre_socket:s0
|
||||
/dev/block/sda u:object_r:sda_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/super u:object_r:super_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||
|
||||
# Data
|
||||
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
allow init modem_img_file:dir mounton;
|
||||
allow init mnt_vendor_file:dir mounton;
|
||||
allow init modem_img_file:filesystem { getattr mount relabelfrom };
|
||||
allow init custom_ab_block_device:lnk_file relabelto;
|
||||
|
||||
# This is needed for chaining a boot partition vbmeta
|
||||
# descriptor, where init will probe the boot partition
|
||||
# to read the chained vbmeta in the first-stage, then
|
||||
# relabel /dev/block/by-name/boot_[a|b] to block_device
|
||||
# after loading sepolicy in the second stage.
|
||||
allow init boot_block_device:lnk_file relabelto;
|
||||
|
||||
allow init persist_file:dir mounton;
|
||||
allow init modem_efs_file:dir mounton;
|
||||
allow init modem_userdata_file:dir mounton;
|
||||
|
||||
|
||||
3
whitechapel_pro/vold.te
Normal file
3
whitechapel_pro/vold.te
Normal file
@@ -0,0 +1,3 @@
|
||||
allow vold modem_efs_file:dir rw_dir_perms;
|
||||
allow vold modem_userdata_file:dir rw_dir_perms;
|
||||
|
||||
Reference in New Issue
Block a user