Sepolicy: Add otapreopt_slot

(cherry picked from commit eb717421b1cf5993dd4ffbd15c01922b69a205a6)

The new A/B OTA artifact naming scheme includes the target slot so
that the system is robust with respect to unexpected reboots. This
complicates the renaming code after reboot, so it is moved from the
zygote into a simple script (otapreopt_slot) that is hooked into
the startup sequence in init.

Give the script the subset of the rights that the zygote had so that
it can move the artifacts from /data/ota into /data/dalvik-cache.
Relabeling will be done in the init rc component, so relabeling
rights can be completely removed.

Bug: 25612095
Bug: 28069686
Change-Id: Iad56dc3d78ac759f4f2cce65633cdaf1cab7631b

4 files changed
tree: 5f7180f0d269fce2d106711ab3b921a74b2af8dc
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. atrace.te
  7. attributes
  8. audioserver.te
  9. autoplay_app.te
  10. binderservicedomain.te
  11. blkid.te
  12. blkid_untrusted.te
  13. bluetooth.te
  14. bluetoothdomain.te
  15. boot_control_hal.te
  16. bootanim.te
  17. bootstat.te
  18. cameraserver.te
  19. clatd.te
  20. CleanSpec.mk
  21. cppreopts.te
  22. debuggerd.te
  23. device.te
  24. dex2oat.te
  25. dhcp.te
  26. dnsmasq.te
  27. domain.te
  28. domain_deprecated.te
  29. drmserver.te
  30. dumpstate.te
  31. file.te
  32. file_contexts
  33. file_contexts_asan
  34. fingerprintd.te
  35. fs_use
  36. fsck.te
  37. fsck_untrusted.te
  38. gatekeeperd.te
  39. genfs_contexts
  40. global_macros
  41. hci_attach.te
  42. healthd.te
  43. hostapd.te
  44. idmap.te
  45. init.te
  46. initial_sid_contexts
  47. initial_sids
  48. inputflinger.te
  49. install_recovery.te
  50. installd.te
  51. ioctl_defines
  52. ioctl_macros
  53. isolated_app.te
  54. kernel.te
  55. keys.conf
  56. keystore.te
  57. lmkd.te
  58. logd.te
  59. mac_permissions.xml
  60. mdnsd.te
  61. mediacodec.te
  62. mediadrmserver.te
  63. mediaextractor.te
  64. mediaserver.te
  65. mls
  66. mls_macros
  67. MODULE_LICENSE_PUBLIC_DOMAIN
  68. mtp.te
  69. net.te
  70. netd.te
  71. neverallow_macros
  72. nfc.te
  73. NOTICE
  74. otapreopt_chroot.te
  75. otapreopt_slot.te
  76. perfprofd.te
  77. platform_app.te
  78. policy_capabilities
  79. port_contexts
  80. postinstall.te
  81. postinstall_dexopt.te
  82. ppp.te
  83. preopt2cachename.te
  84. priv_app.te
  85. profman.te
  86. property.te
  87. property_contexts
  88. racoon.te
  89. radio.te
  90. README
  91. recovery.te
  92. recovery_persist.te
  93. recovery_refresh.te
  94. rild.te
  95. roles
  96. runas.te
  97. sdcardd.te
  98. seapp_contexts
  99. security_classes
  100. service.te
  101. service_contexts
  102. servicemanager.te
  103. sgdisk.te
  104. shared_relro.te
  105. shell.te
  106. slideshow.te
  107. su.te
  108. surfaceflinger.te
  109. system_app.te
  110. system_server.te
  111. te_macros
  112. tee.te
  113. toolbox.te
  114. tzdatacheck.te
  115. ueventd.te
  116. uncrypt.te
  117. untrusted_app.te
  118. update_engine.te
  119. update_engine_common.te
  120. update_verifier.te
  121. users
  122. vdc.te
  123. vold.te
  124. watchdogd.te
  125. wificond.te
  126. wpa.te
  127. zygote.te