Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f958c5ca732af53bbd17a15ce11395b8d87597c8^2..f958c5ca732af53bbd17a15ce11395b8d87597c8 / .
commitf958c5ca732af53bbd17a15ce11395b8d87597c8[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Wed Sep 29 03:52:48 2021 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Sep 29 03:52:48 2021 +0000
tree69eb0a121ed260a5131e4f89960f71aa26dd8c89
parenta07b83c1c62fa2ba66fe7d28fa4751c218a400f3 [diff]
parent4d90b7e78b141f211df8331aeab8a4944623db9a [diff]
Merge changes from topic "se_policy_binary"

* changes:
  Migrate system sepolicy binaries to Soong
  Add se_policy_binary module

diff --git a/apex/apex.test-file_contexts b/apex/apex.test-file_contexts
index a14e14b..0623d9a 100644
--- a/apex/apex.test-file_contexts
+++ b/apex/apex.test-file_contexts

@@ -1,4 +1,2 @@
-/bin/apex_test_preInstallHook  u:object_r:apex_test_prepostinstall_exec:s0
-/bin/apex_test_postInstallHook u:object_r:apex_test_prepostinstall_exec:s0
 (/.*)?                         u:object_r:system_file:s0
 /bin/surfaceflinger            u:object_r:surfaceflinger_exec:s0

diff --git a/private/apexd.te b/private/apexd.te
index 3213241..fae3e41 100644
--- a/private/apexd.te
+++ b/private/apexd.te

@@ -123,31 +123,10 @@
 allow apexd vold_service:service_manager find;
 binder_call(apexd, vold)
 
-# Apex pre- & post-install permission.
-
-# Allow self-execute for the fork mount helper.
-allow apexd apexd_exec:file execute_no_trans;
-
-# Unshare and make / private so that hooks cannot influence the
-# running system.
-allow apexd rootfs:dir mounton;
-
-# Allow to execute shell for pre- and postinstall scripts. A transition
-# rule is required, thus restricted to execute and not execute_no_trans.
-allow apexd shell_exec:file { r_file_perms execute };
-
 # apexd is using bootstrap bionic
 allow apexd system_bootstrap_lib_file:dir r_dir_perms;
 allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
 
-# Allow transition to test APEX preinstall domain.
-userdebug_or_eng(`
-  domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
-')
-
-# Allow transition to GKI update pre/post install domain
-domain_auto_trans(apexd, gki_apex_prepostinstall_exec, gki_apex_prepostinstall)
-
 # Allow apexd to be invoked with logwrapper from init during userspace reboot.
 allow apexd devpts:chr_file { read write };
 

diff --git a/private/file_contexts b/private/file_contexts
index a764f70..bc75fd3 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -490,12 +490,14 @@
 # This includes VENDOR Dynamically Loadable Kernel Modules and other misc files.
 #
 /(vendor_dlkm|vendor/vendor_dlkm|system/vendor/vendor_dlkm)(/.*)?         u:object_r:vendor_file:s0
+/(vendor_dlkm|vendor/vendor_dlkm|system/vendor/vendor_dlkm)/etc(/.*)?     u:object_r:vendor_configs_file:s0
 
 #############################
 # OdmDlkm files
 # This includes ODM Dynamically Loadable Kernel Modules and other misc files.
 #
 /(odm_dlkm|vendor/odm_dlkm|system/vendor/odm_dlkm)(/.*)?                  u:object_r:vendor_file:s0
+/(odm_dlkm|vendor/odm_dlkm|system/vendor/odm_dlkm)/etc(/.*)?              u:object_r:vendor_configs_file:s0
 
 #############################
 # Vendor files from /(product|system/product)/vendor_overlay