mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 07:50:47 +00:00
f392990328
system properties must not be used as a communication channel in between
system and vendor processes. However, there has been no enforcement on
this: system process could write system properties that are owned and
read by vendor processes and vice versa. Such communication should be
done over hwbinder and should be formally specified in HIDL.
Until we finish migrating the existing use cases of sysprops to HIDL,
whitelisting them in system_writes_vendor_properties_violators so that
the violators are clearly tracked.
These violators are allowed only for P, but not for Q.
Bug: 78598545
Test: m -j selinux_policy
Merged-In: I60b12f1232c77ad997c8c87e6d91baa14c626e94
Change-Id: I60b12f1232c77ad997c8c87e6d91baa14c626e94
(cherry picked from commit 3ee4e77674)
21 lines
664 B
Plaintext
21 lines
664 B
Plaintext
type ramoops, domain, coredomain;
|
|
type ramoops_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(ramoops);
|
|
|
|
# kmod=crypto-gcm(aes)
|
|
dontaudit ramoops kernel:system module_request;
|
|
|
|
allow ramoops ramoops_exec:file rx_file_perms;
|
|
allow ramoops shell_exec:file rx_file_perms;
|
|
allow ramoops toolbox_exec:file rx_file_perms;
|
|
|
|
# Set the sys.ramoops.decrypted property
|
|
typeattribute ramoops system_writes_vendor_properties_violators;
|
|
set_prop(ramoops, ramoops_prop);
|
|
|
|
allow ramoops sysfs_pstore:file rw_file_perms;
|
|
allow ramoops ramoops_device:chr_file rw_file_perms;
|
|
allow ramoops ramoops_data_file:file create_file_perms;
|
|
allow ramoops ramoops_data_file:dir rw_dir_perms;
|