Gitiles
Code Review Sign In
gerrit.omnirom.org / android_vendor_omni / 07f6ad929ff6fbf0da0beae89738a2a49daa177e / . / sepolicy / private / update_engine.te
blob: 940255285b4adaf2d99152500ad273b1068aa7a0 [file] [log] [blame]
Marko Mane2e1d7e2018-08-26 23:15:26 +0200[diff] [blame]1r_dir_file(update_engine, mnt_user_file)
2r_dir_file(update_engine, storage_file)
3
Marko Manf2b9bf92018-09-01 19:21:27 +0200[diff] [blame]4allow update_engine self:capability { chown fsetid };
Marko Man07f6ad92020-03-15 23:29:09 +0100[diff] [blame^]5allow update_engine self:process { setexec };
Marko Mane2e1d7e2018-08-26 23:15:26 +0200[diff] [blame]6
7allow update_engine labeledfs:filesystem { mount unmount };
8
maxwen1630ca72018-10-03 19:13:17 +0200[diff] [blame]9allow update_engine { otapreopt_chroot_exec toolbox_exec }:file rx_file_perms;
Marko Manf2b9bf92018-09-01 19:21:27 +0200[diff] [blame]10
11allow update_engine labeledfs:filesystem mount;
Marko Manbe9caa02019-10-11 10:35:54 +0200[diff] [blame]12allow update_engine rootfs:file { rx_file_perms relabelfrom rename setattr unlink };
maxwen1630ca72018-10-03 19:13:17 +0200[diff] [blame]13allow update_engine rootfs:dir { create write open add_name read rmdir remove_name };
14
15allow update_engine system_data_file:file { create read write open unlink };
16allow update_engine system_data_file:dir { create write add_name read remove_name unlink };
17
18allow update_engine system_file:file { create setattr write relabelto relabelfrom rx_file_perms unlink };
Marko Manbe9caa02019-10-11 10:35:54 +0200[diff] [blame]19allow update_engine system_file:dir { create setattr write rmdir remove_name add_name setattr };
maxwen1630ca72018-10-03 19:13:17 +0200[diff] [blame]20
Marko Manf2b9bf92018-09-01 19:21:27 +0200[diff] [blame]21allow update_engine storage_file:lnk_file read;
Marko Manf2b9bf92018-09-01 19:21:27 +0200[diff] [blame]22allow update_engine toolbox_exec:file { execute getattr };
Marko Mand83e01d2019-08-07 13:35:03 +0200[diff] [blame]23
24allow update_engine sepolicy_file:file { append };
Marko Manf3953cf2019-09-29 00:02:17 +0200[diff] [blame]25
26allow update_engine gsi_metadata_file:dir search;
maxwenea8c17c2019-12-30 13:17:25 +0100[diff] [blame]27allow update_engine metadata_file:dir search;
Marko Manf3953cf2019-09-29 00:02:17 +0200[diff] [blame]28allow update_engine rootfs:file { create write };
Marko Manbe9caa02019-10-11 10:35:54 +0200[diff] [blame]29#####
30allow update_engine proc_filesystems:file { getattr open read };
31allow update_engine system_file:lnk_file { create rename };
32allow update_engine system_lib_file:dir setattr;
Marko Manf3953cf2019-09-29 00:02:17 +0200[diff] [blame]33