Evolution-x-devices/device_xiaomi_sm6150-common
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_xiaomi_sm6150-common synced 2026-01-27 16:26:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "sm6150-common: Force restorecon for /mnt/vendor/persist"

Browse Source 
This reverts commit a13246a7fc.

This causes dac_override denials, set no_sehash_xattr on persist
in fstab instead to fix the issue.

Change-Id: I75f824d5b2beca5f7c3835045a7f568736e148f0
This commit is contained in:
Arian
2023-06-04 10:58:52 +02:00
parent 0d51b5d042
commit 19e23767df
3 changed files with 0 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sepolicy/vendor/vendor_init.te vendored
View File

@@ -1,4 +1 @@
set_prop(vendor_init, vendor_fp_prop)
# Allow vendor_init to relabel unlabeled files and directories
allow vendor_init unlabeled:{ dir file } { getattr relabelfrom };

69
sepolicy/vendor/vendor_toolbox.te vendored
View File

@@ -1,69 +0,0 @@
type vendor_toolbox, domain;
init_daemon_domain(vendor_toolbox)
# Allow vendor_toolbox to use sys_admin capability
allow vendor_toolbox self:capability sys_admin;
# Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;
# Allow vendor_toolbox to read directories in rootfs
allow vendor_toolbox rootfs:dir r_dir_perms;
# Allow vendor_toolbox to remove "security.*" xattrs from /mnt/vendor/persist
allow vendor_toolbox {
mnt_vendor_file
persist_block_device
unlabeled
vendor_persist_alarm_file
vendor_persist_audio_file
vendor_persist_bluetooth_file
vendor_persist_camera_file
vendor_persist_data_file
vendor_persist_display_file
vendor_persist_drm_file
vendor_persist_elabel_file
vendor_persist_feature_enabler_file
vendor_persist_file
vendor_persist_haptics_file
vendor_persist_hvdcp_file
vendor_persist_iar_db_file
vendor_persist_mmi_file
vendor_persist_qti_fp_file
vendor_persist_rfs_file
vendor_persist_rfs_shared_hlos_file
vendor_persist_secnvm_file
vendor_persist_sensors_file
vendor_persist_time_file
vendor_persist_vpp_file
vendor_persist_wcnss_service_file
}:dir { r_dir_perms setattr };
allow vendor_toolbox {
mnt_vendor_file
persist_block_device
unlabeled
vendor_persist_alarm_file
vendor_persist_audio_file
vendor_persist_bluetooth_file
vendor_persist_camera_file
vendor_persist_data_file
vendor_persist_display_file
vendor_persist_drm_file
vendor_persist_elabel_file
vendor_persist_feature_enabler_file
vendor_persist_file
vendor_persist_haptics_file
vendor_persist_hvdcp_file
vendor_persist_iar_db_file
vendor_persist_mmi_file
vendor_persist_qti_fp_file
vendor_persist_rfs_file
vendor_persist_rfs_shared_hlos_file
vendor_persist_secnvm_file
vendor_persist_sensors_file
vendor_persist_time_file
vendor_persist_vpp_file
vendor_persist_wcnss_service_file
}:{ fifo_file file } { r_file_perms setattr };