diff options
author | Tom Marshall <tdm@cyngn.com> | 2014-11-26 13:26:14 -0800 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2014-11-27 23:05:26 +0000 |
commit | 39a4244c7777a08c900743f8ef9a8fcf88fb7843 (patch) | |
tree | 209c8c79aba8bd4611d6406079d7bd01a2a72b2a /sepolicy | |
parent | d22efb80e1bd1aea3710041fd6cd9b0dfd808149 (diff) | |
download | vendor_replicant-39a4244c7777a08c900743f8ef9a8fcf88fb7843.zip vendor_replicant-39a4244c7777a08c900743f8ef9a8fcf88fb7843.tar.gz vendor_replicant-39a4244c7777a08c900743f8ef9a8fcf88fb7843.tar.bz2 |
cm: sepolicy: Add contexts for cm recovery
* Allow setup of secure adb (setup_adbd)
* minivold in recovery
Change-Id: Id1243154f4016b59e54890404cadea46a2aad212
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/file_contexts | 3 | ||||
-rw-r--r-- | sepolicy/recovery.te | 8 | ||||
-rw-r--r-- | sepolicy/sepolicy.mk | 1 | ||||
-rw-r--r-- | sepolicy/vold.te | 2 |
4 files changed, 14 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 7d7a2b4..902831b 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -6,6 +6,9 @@ /system/bin/sysinit u:object_r:sysinit_exec:s0 +# For minivold in recovery +/sbin/minivold u:object_r:vold_exec:s0 + ############################# # performance-related sysfs files (CM) /sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0 diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te new file mode 100644 index 0000000..06bef3f --- /dev/null +++ b/sepolicy/recovery.te @@ -0,0 +1,8 @@ +# Secure adb (setup_adbd) +allow adbd adb_keys_file:dir search; +allow recovery adb_keys_file:file r_file_perms; +allow recovery shell_prop:property_service set; + +# Recovery dialogs +unix_socket_connect(recovery, vold, vold) +allow recovery tmpfs:sock_file create_file_perms; diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk index 9998bf4..ee217ff 100644 --- a/sepolicy/sepolicy.mk +++ b/sepolicy/sepolicy.mk @@ -16,6 +16,7 @@ BOARD_SEPOLICY_UNION += \ healthd.te \ installd.te \ netd.te \ + recovery.te \ su.te \ sysinit.te \ system.te \ diff --git a/sepolicy/vold.te b/sepolicy/vold.te index ae52a5f..241f191 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -1,3 +1,5 @@ +domain_trans(init, rootfs, vold) + # Allow vold to manage ASEC allow vold sdcard_external:file create_file_perms; |