Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-02-01 07:50:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
401ae7c901d77b60f4a8e4758ca76714c0b0eeac
device_google_wahoo/sepolicy/hal_bootctl.te
Max Bires 0a4f88cbd3 Fixing Taimen OTAs for enforcing before turning it on globally 
denied { ioctl } for pid=570 comm="boot@1.0-servic"
path="/dev/block/sde" dev="tmpfs" ino=19779 ioctlcmd=1268
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { open } for pid=570 comm="boot@1.0-servic" path="/dev/block/sde"
dev="tmpfs" ino=19779 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

denied { read write } for pid=570 comm="boot@1.0-servic" name="sde"
dev="tmpfs" ino=19779 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

denied { getattr } for pid=570 comm="boot@1.0-servic"
path="/dev/block/sde13" dev="tmpfs" ino=19819
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

Bug: 34784662
Test: OTAs work
Change-Id: Idd78395353c54f5d81220f7c8073ab90ee22af2f
2017-05-09 13:17:44 -07:00

28 lines
1.1 KiB
Plaintext
Raw Blame History

# These are the permissions required to use the boot_control HAL implemented
# here: hardware/qcom/bootctrl/boot_control.c
# Getting and setting GPT attributes for the bootloader iterates over all the
# partition names in the block_device directory /dev/block/.../by-name
allow hal_bootctl block_device:dir r_dir_perms;
# Edit the attributes stored in the GPT.
allow hal_bootctl gpt_block_device:blk_file rw_file_perms;
allow hal_bootctl ab_block_device:blk_file getattr;
allow hal_bootctl boot_block_device:blk_file rw_file_perms;
allow hal_bootctl modem_block_device:blk_file getattr;
allow hal_bootctl system_block_device:blk_file getattr;
# Access /dev/sgN devices (generic SCSI) to write the
# A/B slot selection for the XBL partition. Allow also to issue a
# UFS_IOCTL_QUERY ioctl.
allow hal_bootctl sg_device:chr_file rw_file_perms;
allow hal_bootctl self:capability sys_admin;
allow hal_bootctl tmpfs:lnk_file r_file_perms;
# Read the sysfs to lookup what /dev/sgN device
# corresponds to the XBL partitions.
allow hal_bootctl sysfs:dir r_dir_perms;
# Write to the XBL devices.
allow hal_bootctl xbl_block_device:blk_file rw_file_perms;
Reference in New Issue View Git Blame Copy Permalink