diff options
| author | Julian Veit <claymore1298@gmail.com> | 2020-11-30 08:06:09 +0100 |
|---|---|---|
| committer | dragonGR <alex@dragongr.dev> | 2020-12-06 21:29:20 +0200 |
| commit | 661d3e777059ec1700062d902d5b97131b4fea5b (patch) | |
| tree | 3373c5345d7f17a52fa38c67c96d8bf8b336f106 | |
| parent | cd5dde6dd27dc691c02440ce5b33057389834125 (diff) | |
sepolicy: add back our stuff
Change-Id: I39efa6d6a1fdc588e4130dd5ab09000c38feadae
| -rw-r--r-- | common/private/file_contexts | 3 | ||||
| -rw-r--r-- | common/private/property_contexts | 2 | ||||
| -rw-r--r-- | common/private/service.te | 3 | ||||
| -rw-r--r-- | common/private/service_contexts | 2 | ||||
| -rw-r--r-- | common/private/system_app.te | 3 | ||||
| -rw-r--r-- | common/private/system_server.te | 3 | ||||
| -rw-r--r-- | common/private/update_engine.te | 4 | ||||
| -rw-r--r-- | sepolicy.mk | 7 |
8 files changed, 27 insertions, 0 deletions
diff --git a/common/private/file_contexts b/common/private/file_contexts new file mode 100644 index 0000000..1eb5cff --- /dev/null +++ b/common/private/file_contexts @@ -0,0 +1,3 @@ +# OTA packages +/data/aicp_updates(/.*)? u:object_r:ota_package_file:s0 + diff --git a/common/private/property_contexts b/common/private/property_contexts new file mode 100644 index 0000000..1f93f18 --- /dev/null +++ b/common/private/property_contexts @@ -0,0 +1,2 @@ +persist.aicp. u:object_r:system_prop:s0 + diff --git a/common/private/service.te b/common/private/service.te new file mode 100644 index 0000000..bbb02ce --- /dev/null +++ b/common/private/service.te @@ -0,0 +1,3 @@ +# Pocket Judge +type pocket_service, system_api_service, system_server_service, service_manager_type; + diff --git a/common/private/service_contexts b/common/private/service_contexts new file mode 100644 index 0000000..0d29a42 --- /dev/null +++ b/common/private/service_contexts @@ -0,0 +1,2 @@ +pocket u:object_r:pocket_service:s0 + diff --git a/common/private/system_app.te b/common/private/system_app.te new file mode 100644 index 0000000..3cb9b74 --- /dev/null +++ b/common/private/system_app.te @@ -0,0 +1,3 @@ +#selinux status +allow system_app selinuxfs:file r_file_perms; + diff --git a/common/private/system_server.te b/common/private/system_server.te new file mode 100644 index 0000000..ebd39cd --- /dev/null +++ b/common/private/system_server.te @@ -0,0 +1,3 @@ +# Pocket judge +allow system_server pocket_service:service_manager { add find }; + diff --git a/common/private/update_engine.te b/common/private/update_engine.te new file mode 100644 index 0000000..13c5b74 --- /dev/null +++ b/common/private/update_engine.te @@ -0,0 +1,4 @@ +# Allow to install OTA's from local storage +allow update_engine backuptool:process noatsecure; +allow update_engine media_rw_data_file:file { open read getattr }; + diff --git a/sepolicy.mk b/sepolicy.mk new file mode 100644 index 0000000..2e55e8a --- /dev/null +++ b/sepolicy.mk @@ -0,0 +1,7 @@ +# +# This policy configuration will be used by all products that +# inherit from Lineage +# +BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \ + device/aicp/sepolicy/common/private + |