# mtectrl is a tool to request MTE (Memory Tagging Extensions) from the bootloader.
type mtectrl, domain, coredomain;
type mtectrl_exec, system_file_type, exec_type, file_type;

# Run mtectrl in its own domain when init executes a file labeled mtectrl_exec.
init_daemon_domain(mtectrl)

# Set the system property so that it matches the bootloader message state.
set_prop(mtectrl, arm64_memtag_prop)

# mtectrl communicates the request to the bootloader via the misc partition.
# It needs write access to update the request in the misc partition, and read
# access to sync the stored state back to the property.
# NOTE(review): this is read/write on the raw block node, so the grant should
# stay scoped to misc_block_device and never be widened to block_device.
allow mtectrl misc_block_device:blk_file rw_file_perms;
# Directory read only on block_device; no blk_file permission is granted on the
# generic type. Presumably needed to resolve the partition node -- confirm.
allow mtectrl block_device:dir r_dir_perms;
read_fstab(mtectrl)

# bootloader_message tries to find the fstab in the device config path first,
# but because we've already booted up we can use the ro.boot properties instead,
# so we can just ignore the SELinux denial.
# dontaudit grants nothing: both accesses below stay denied, only the audit
# record is suppressed.
dontaudit mtectrl sysfs_dt_firmware_android:dir search;
# NOTE(review): vendor_property_type appears to be an attribute covering all
# vendor properties, so any vendor property read by mtectrl is denied without
# a log entry -- keep that in mind when debugging or reviewing audit logs.
dontaudit mtectrl vendor_property_type:file read;