| Dan Pasanen | b7463ef | 2018-07-20 09:33:55 +0200 | [diff] [blame] | 1 | allow update_engine self:capability { dac_override dac_read_search sys_rawio }; |
| Dan Pasanen | 9422c96 | 2018-07-20 09:36:08 +0200 | [diff] [blame^] | 2 | |
| 3 | r_dir_file(update_engine, mnt_user_file) |
| 4 | r_dir_file(update_engine, storage_file) |
| 5 | |
| 6 | allow update_engine self:capability { chown fsetid sys_rawio }; |
| 7 | |
| 8 | allow update_engine labeledfs:filesystem { mount unmount }; |
| 9 | |
| 10 | allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:dir create_dir_perms; |
| 11 | allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:{ file lnk_file } create_file_perms; |
| 12 | allow update_engine { otapreopt_chroot_exec rootfs system_file toolbox_exec }:file rx_file_perms; |
| 13 | allow update_engine { rootfs system_file }:file { relabelfrom relabelto }; |