Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 370b40b1 authored by dianlujitao's avatar dianlujitao
Browse files

sepolicy: Dynamically build trust policy into system/vendor 

 * Introduce a new board flag TARGET_USES_PREBUILT_VENDOR_SEPOLICY and
   a sepolicy variant: dynamic
 * When TARGET_USES_PREBUILT_VENDOR_SEPOLICY=true, dynamic act as
   private policy, and vendor policy is excluded in order to avoid
   conflicts (it's not integrated to final builds anyway). When the flag
   is not set, dynamic acts as vendor policy to survive from system
   image change i.e. GSI installation.

Change-Id: I8bfd078d6064616c88e2c58a9fa3aa045dddf303
parent 71566b5f

common/dynamic/file.te

0 → 100644
+1 −0
Original line number Diff line number Diff line 
type proc_deny_new_usb, fs_type, proc_type;

common/dynamic/genfs_contexts

0 → 100644
+1 −0
Original line number Diff line number Diff line 
genfscon proc /sys/kernel/deny_new_usb u:object_r:proc_deny_new_usb:s0

common/dynamic/hwservice.te

0 → 100644
+1 −0
Original line number Diff line number Diff line 
type hal_lineage_trust_hwservice, hwservice_manager_type;

common/dynamic/hwservice_contexts

0 → 100644
+1 −0
Original line number Diff line number Diff line 
vendor.lineage.trust::IUsbRestrict                   u:object_r:hal_lineage_trust_hwservice:s0