Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 9e21df22d44a0e9cb5ff0dca2988c3dbd9978f82^! / . / private
commit9e21df22d44a0e9cb5ff0dca2988c3dbd9978f82[log] [tgz]
authorDavid Anderson <dvander@google.com>Tue Jul 27 18:51:18 2021 -0700
committerDavid Anderson <dvander@google.com>Wed Jul 28 22:30:22 2021 -0700
treeff40a9846aafe7f4473368bcdcd009a7484865ba
parentf59543579868b5b43edda796ac94aed8ef9310d4 [diff]
Allow update_engine, recovery, and fastbootd to read snapuserd properties.

Bug: 193833730
Test: OTA applies and boots
Change-Id: I81c089e1763a7e25b23df245f76e04acd52a337e

diff --git a/private/fastbootd.te b/private/fastbootd.te
index 40b3945..2c65281 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te

@@ -22,6 +22,7 @@
   # Determine allocation scheme (whether B partitions needs to be
   # at the second half of super.
   get_prop(fastbootd, virtual_ab_prop)
+  get_prop(fastbootd, snapuserd_prop)
 
   # Needed for TCP protocol
   allow fastbootd node:tcp_socket node_bind;

diff --git a/private/recovery.te b/private/recovery.te
index bba2a0d..2dba93b 100644
--- a/private/recovery.te
+++ b/private/recovery.te

@@ -38,6 +38,7 @@
   allow recovery snapuserd_socket:sock_file write;
   allow recovery snapuserd:unix_stream_socket connectto;
   allow recovery dm_user_device:dir r_dir_perms;
+  get_prop(recovery, snapuserd_prop)
 
   # Set fastbootd protocol property
   set_prop(recovery, fastbootd_protocol_prop)

diff --git a/private/update_engine.te b/private/update_engine.te
index d828e1f..c3f575f 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te

@@ -24,6 +24,7 @@
 # Allow to communicate with the snapuserd service, for dm-user snapshots.
 allow update_engine snapuserd:unix_stream_socket connectto;
 allow update_engine snapuserd_socket:sock_file write;
+get_prop(update_engine, snapuserd_prop)
 
 # Allow to communicate with apexd for calculating and reserving space for
 # capex decompression