# SELinux policy for linkerconfig.
# Declares the process domain and the label of its executable, then lists
# each resource the domain may touch. Anything not allowed here (or by
# attribute-wide rules defined elsewhere) is denied.
type linkerconfig, domain, coredomain;
type linkerconfig_exec, exec_type, file_type, system_file_type;

# init_daemon_domain is a te_macros macro; it sets up the transition from
# init into the linkerconfig domain when init runs a linkerconfig_exec file.
init_daemon_domain(linkerconfig)

# Read and write the linkerconfig subdirectory.
# create_dir_perms / create_file_perms are the create-capable permission sets,
# and they are scoped to the linkerconfig_file label only.
allow linkerconfig linkerconfig_file:dir create_dir_perms;
allow linkerconfig linkerconfig_file:file create_file_perms;

# Allow linkerconfig to log to the kernel.
# Only the write-side set is granted; no read rule for kmsg_device appears
# in this file.
allow linkerconfig kmsg_device:chr_file w_file_perms;

# Allow linkerconfig to be invoked with logwrapper from init.
# The set is an explicit list without open, so the pty has to arrive as an
# already-open descriptor rather than being opened by linkerconfig itself.
allow linkerconfig devpts:chr_file { getattr ioctl read write };

# Allow linkerconfig to scan for apex modules (directory read only).
allow linkerconfig apex_mnt_dir:dir r_dir_perms;

# Allow linkerconfig to read apex-info-list.xml
allow linkerconfig apex_info_file:file r_file_perms;

# Allow linkerconfig to read apex_manifest.pb file from vendor apex.
# r_dir_file is a te_macros macro granting read-only access to directories
# and files of the given type.
r_dir_file(linkerconfig, vendor_apex_metadata_file)

# Allow linkerconfig to be called in the otapreopt_chroot.
# fd use lets linkerconfig use descriptors inherited from otapreopt_chroot;
# the postinstall apex mount is readable but not writable.
allow linkerconfig otapreopt_chroot:fd use;
allow linkerconfig postinstall_apex_mnt_dir:dir r_dir_perms;
allow linkerconfig postinstall_apex_mnt_dir:file r_file_perms;

# Allow for use in Pre-reboot Dexopt (inherited descriptors from
# dexopt_chroot_setup).
allow linkerconfig dexopt_chroot_setup:fd use;

# Build-time assertion: only the domains subtracted below may be granted
# execute permissions (no_x_file_perms) on linkerconfig_exec. Any other allow
# rule that does so fails policy compilation.
# The overlay_remounter exemption is wrapped in userdebug_or_eng, so it
# applies to userdebug/eng builds only and user builds keep the shorter list.
# NOTE(review): each new exemption widens who can launch this binary; keep
# the list in sync with the callers documented above.
neverallow {
  domain
  -dexopt_chroot_setup
  -init
  -linkerconfig
  -otapreopt_chroot
  userdebug_or_eng(`-overlay_remounter')
} linkerconfig_exec:file no_x_file_perms;