mirror of
https://github.com/Evolution-X-Devices/device_google_gs201
synced 2026-01-27 14:29:33 +00:00
a770b611a1
Android 15.0.0 Release 20 (BP1A.250305.019) # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8eo7QAKCRDorT+BmrEO # eN4GAJ4zBTRmknJtiHTlKaXFFCxh6RaE0QCfVZMelWDtp9SyAoTrojuN1flREII= # =d0db # -----END PGP SIGNATURE----- # gpg: Signature made Wed Mar 5 03:29:17 2025 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate] # By Nina Chen (9) and others # Via Android Build Coastguard Worker (22) and others * tag 'android-15.0.0_r20': (22 commits) modem_svc: move shared_modem_platform related sepolicy to gs-common Update SELinux error Allow tachyon service to make binder calls to GCA Update SELinux error Update SELinux error Revert "modem_svc: move shared_modem_platform related sepolicy t..." modem_svc: move shared_modem_platform related sepolicy to gs-common Update ldaf sensor device filename Update SELinux error Update SELinux error sepolicy: allow dump_power to read battery_history_device Update SELinux error sepolicy: allow dump_power to read debugfs Remove duplicate service entries Revert "Update SELinux error" Update SELinux error convert-to-ext4-sh.te: use su domain instead modem_svc: use shared_modem_platform to replace all modem_svc_sit Update SELinux error sepolicy: allow dumpstate to execute dump_power ... Conflicts: sepolicy/gs201-sepolicy.mk Change-Id: Ie0faabb66c73c2e4da10f9f8f0a65fa49e68a7dc
33 lines
1.3 KiB
Plaintext
33 lines
1.3 KiB
Plaintext
allow init modem_img_file:dir mounton;
|
|
allow init mnt_vendor_file:dir mounton;
|
|
allow init modem_img_file:filesystem { getattr mount relabelfrom };
|
|
allow init custom_ab_block_device:lnk_file relabelto;
|
|
|
|
# This is needed for chaining a boot partition vbmeta
|
|
# descriptor, where init will probe the boot partition
|
|
# to read the chained vbmeta in the first-stage, then
|
|
# relabel /dev/block/by-name/boot_[a|b] to block_device
|
|
# after loading sepolicy in the second stage.
|
|
allow init boot_block_device:lnk_file relabelto;
|
|
|
|
allow init persist_file:dir mounton;
|
|
allow init modem_efs_file:dir mounton;
|
|
allow init modem_userdata_file:dir mounton;
|
|
allow init ram_device:blk_file w_file_perms;
|
|
allow init sysfs_scsi_devices_0000:file w_file_perms;
|
|
|
|
# Workaround for b/193113005 that modem_img unlabeled after disable-verity
|
|
dontaudit init overlayfs_file:file rename;
|
|
dontaudit init overlayfs_file:chr_file unlink;
|
|
|
|
# /system_ext/bin/convert_to_ext4.sh is a script to convert an f2fs
|
|
# filesystem into an ext4 filesystem. This script is executed on
|
|
# debuggable devices only. As it is a one-shot script which
|
|
# has run in permissive mode since 2022, we transition to the
|
|
# su domain to avoid unnecessarily polluting security policy
|
|
# with rules which are never enforced.
|
|
# This script was added in b/239632964
|
|
userdebug_or_eng(`
|
|
domain_auto_trans(init, convert-to-ext4-sh_exec, su)
|
|
')
|