Blame - private/gki_apex_prepostinstall.te - android_system_sepolicy

blob: 11553893089716670a34fb974ba9d0129b972c99 [file] [log] [blame]

Yifan Hong	8ac37f0	2020-06-01 15:07:50 -0700	[diff] [blame]	1	# GKI pre- & post-install hooks.
				2	#
				3	# Allow to run pre- and post-install hooks for GKI APEXes
				4
				5	type gki_apex_prepostinstall, domain, coredomain;
				6	type gki_apex_prepostinstall_exec, system_file_type, exec_type, file_type;
				7
				8	# Execute /system/bin/sh.
				9	allow gki_apex_prepostinstall shell_exec:file rx_file_perms;
				10
				11	# Execute various toolsbox utilities.
				12	allow gki_apex_prepostinstall toolbox_exec:file rx_file_perms;
				13
				14	# Allow preinstall.sh to execute update_engine_stable_client binary.
				15	allow gki_apex_prepostinstall gki_apex_prepostinstall_exec:file execute_no_trans;
				16
				17	# Allow preinstall hook to communicate with update_engine to execute update.
				18	binder_use(gki_apex_prepostinstall)
				19	allow gki_apex_prepostinstall update_engine_stable_service:service_manager find;
				20	binder_call(gki_apex_prepostinstall, update_engine)
Yifan Hong	a580901	2020-08-28 17:29:32 -0700	[diff] [blame^]	21
				22	# /dev/zero is inherited although it is not used. See b/126787589.
				23	allow gki_apex_prepostinstall apexd:fd use;