Gitiles
Code Review Sign In
gerrit.omnirom.org / android_vendor_omni / 84464ec72576120152d9f180b84cfdb48f1444a2 / . / sepolicy / private / update_engine.te
blob: a0d1cf55be8c1710f70ee7c238d5fdd146948579 [file] [log] [blame]
Marko Mane2e1d7e2018-08-26 23:15:26 +0200[diff] [blame]1r_dir_file(update_engine, mnt_user_file)
2r_dir_file(update_engine, storage_file)
3
Marko Man52470792020-10-24 23:17:07 +0200[diff] [blame]4allow update_engine self:capability { chown fsetid dac_read_search };
Marko Man07f6ad92020-03-15 23:29:09 +0100[diff] [blame]5allow update_engine self:process { setexec };
Marko Mane2e1d7e2018-08-26 23:15:26 +0200[diff] [blame]6
7allow update_engine labeledfs:filesystem { mount unmount };
8
maxwen1630ca72018-10-03 19:13:17 +0200[diff] [blame]9allow update_engine { otapreopt_chroot_exec toolbox_exec }:file rx_file_perms;
Marko Manf2b9bf92018-09-01 19:21:27 +0200[diff] [blame]10
11allow update_engine labeledfs:filesystem mount;
Marko Manbe9caa02019-10-11 10:35:54 +0200[diff] [blame]12allow update_engine rootfs:file { rx_file_perms relabelfrom rename setattr unlink };
maxwen1630ca72018-10-03 19:13:17 +0200[diff] [blame]13allow update_engine rootfs:dir { create write open add_name read rmdir remove_name };
14
15allow update_engine system_data_file:file { create read write open unlink };
16allow update_engine system_data_file:dir { create write add_name read remove_name unlink };
17
micky3872e3cf9d2021-01-13 02:39:36 +0100[diff] [blame]18allow update_engine system_file:file { create setattr write relabelto relabelfrom rename rx_file_perms unlink };
Marko Manbe9caa02019-10-11 10:35:54 +0200[diff] [blame]19allow update_engine system_file:dir { create setattr write rmdir remove_name add_name setattr };
maxwen1630ca72018-10-03 19:13:17 +0200[diff] [blame]20
Marko Manf2b9bf92018-09-01 19:21:27 +0200[diff] [blame]21allow update_engine storage_file:lnk_file read;
Marko Manf2b9bf92018-09-01 19:21:27 +0200[diff] [blame]22allow update_engine toolbox_exec:file { execute getattr };
Marko Mand83e01d2019-08-07 13:35:03 +0200[diff] [blame]23
24allow update_engine sepolicy_file:file { append };
Marko Manf3953cf2019-09-29 00:02:17 +0200[diff] [blame]25
26allow update_engine gsi_metadata_file:dir search;
micky3872e3cf9d2021-01-13 02:39:36 +0100[diff] [blame]27allow update_engine metadata_file:dir { getattr search };
28allow update_engine rootfs:file { append create write };
Marko Manbe9caa02019-10-11 10:35:54 +0200[diff] [blame]29#####
30allow update_engine proc_filesystems:file { getattr open read };
31allow update_engine system_file:lnk_file { create rename };
micky387489416d2020-03-16 21:29:14 +0100[diff] [blame]32allow update_engine system_lib_file:dir { add_name setattr write };
micky3872e3cf9d2021-01-13 02:39:36 +0100[diff] [blame]33allow update_engine system_lib_file:file { create relabelfrom setattr write };
Marko Manf3953cf2019-09-29 00:02:17 +0200[diff] [blame]34
micky3872e3cf9d2021-01-13 02:39:36 +0100[diff] [blame]35#allow update_engine vendor_overlay_file:dir { getattr search };
36allow update_engine vendor_overlay_file:file { getattr read };
37allow update_engine linkerconfig_file:dir { getattr };
micky3872e3cf9d2021-01-13 02:39:36 +0100[diff] [blame]38allow update_engine update_engine:capability { kill };
micky387853ec772022-08-28 12:09:20 +0200[diff] [blame]39allow update_engine fuse:file r_file_perms;
40allow update_engine otadexopt_service:service_manager find;
41binder_call(update_engine, platform_app)