Move microdroid sepolicy to system/sepolicy Bug: 190511750 Test: boot microdroid Change-Id: I4aa4a56e9be5103d70469c3508110a973f3e4f12

commit: e1389977e00124633c1165d778081afe6b185f92 [log] [tgz]
author: Inseob Kim <inseob@google.com> Mon Jul 19 07:48:34 2021 +0000
committer: Inseob Kim <inseob@google.com> Mon Jul 19 07:48:34 2021 +0000
tree: a516e15cb0e7dca45ecd53486ab6f99afa8998e1
parent: 951bf93ad8941b7e2848b82dac92b8f75c13b279 [diff] [blame]
diff --git a/microdroid/system/private/linkerconfig.te b/microdroid/system/private/linkerconfig.te
new file mode 100644
index 0000000..4d8db0c
--- /dev/null
+++ b/microdroid/system/private/linkerconfig.te

@@ -0,0 +1,21 @@
+type linkerconfig, domain, coredomain;
+type linkerconfig_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(linkerconfig)
+
+## Read and write linkerconfig subdirectory.
+allow linkerconfig linkerconfig_file:dir create_dir_perms;
+allow linkerconfig linkerconfig_file:file create_file_perms;
+
+# Allow linkerconfig to log to the kernel.
+allow linkerconfig kmsg_device:chr_file w_file_perms;
+
+# Allow linkerconfig to be invoked with logwrapper from init.
+allow linkerconfig devpts:chr_file { read write };
+
+# Allow linkerconfig to scan for apex modules
+allow linkerconfig apex_mnt_dir:dir r_dir_perms;
+
+# Allow linkerconfig to read apex-info-list.xml
+allow linkerconfig apex_info_file:file r_file_perms;
+
commit	e1389977e00124633c1165d778081afe6b185f92	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Mon Jul 19 07:48:34 2021 +0000
committer	Inseob Kim <inseob@google.com>	Mon Jul 19 07:48:34 2021 +0000
tree	a516e15cb0e7dca45ecd53486ab6f99afa8998e1
parent	951bf93ad8941b7e2848b82dac92b8f75c13b279 [diff] [blame]