donjohanliebert/device_xiaomi_sm6150-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d477ef0667
device_xiaomi_sm6150-common/sepolicy/vendor/vendor_toolbox.te
Arian f97544641c sm6150-common: sepolicy: Extend vendor_toolbox permissions to files in persist 
Change-Id: Idf0d7b67e861d2dcb8f6b46cbd2cc5b26b77e08d
2022-06-28 00:40:59 +02:00

70 lines
2.0 KiB
Plaintext
Raw Blame History

type vendor_toolbox, domain;
init_daemon_domain(vendor_toolbox)
# Allow vendor_toolbox to use sys_admin capability
allow vendor_toolbox self:capability sys_admin;
# Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;
# Allow vendor_toolbox to read directories in rootfs
allow vendor_toolbox rootfs:dir r_dir_perms;
# Allow vendor_toolbox to remove "security.*" xattrs from /mnt/vendor/persist
allow vendor_toolbox {
mnt_vendor_file
persist_block_device
unlabeled
vendor_persist_alarm_file
vendor_persist_audio_file
vendor_persist_bluetooth_file
vendor_persist_camera_file
vendor_persist_data_file
vendor_persist_display_file
vendor_persist_drm_file
vendor_persist_elabel_file
vendor_persist_feature_enabler_file
vendor_persist_file
vendor_persist_haptics_file
vendor_persist_hvdcp_file
vendor_persist_iar_db_file
vendor_persist_mmi_file
vendor_persist_qti_fp_file
vendor_persist_rfs_file
vendor_persist_rfs_shared_hlos_file
vendor_persist_secnvm_file
vendor_persist_sensors_file
vendor_persist_time_file
vendor_persist_vpp_file
vendor_persist_wcnss_service_file
}:dir { r_dir_perms setattr };
allow vendor_toolbox {
mnt_vendor_file
persist_block_device
unlabeled
vendor_persist_alarm_file
vendor_persist_audio_file
vendor_persist_bluetooth_file
vendor_persist_camera_file
vendor_persist_data_file
vendor_persist_display_file
vendor_persist_drm_file
vendor_persist_elabel_file
vendor_persist_feature_enabler_file
vendor_persist_file
vendor_persist_haptics_file
vendor_persist_hvdcp_file
vendor_persist_iar_db_file
vendor_persist_mmi_file
vendor_persist_qti_fp_file
vendor_persist_rfs_file
vendor_persist_rfs_shared_hlos_file
vendor_persist_secnvm_file
vendor_persist_sensors_file
vendor_persist_time_file
vendor_persist_vpp_file
vendor_persist_wcnss_service_file
}:{ fifo_file file } { r_file_perms setattr };
Reference in New Issue View Git Blame Copy Permalink