
Commit 9c28a0df authored by Luca Stefani's avatar Luca Stefani Committed by razorloves

Make A/B backuptool permissive

Change-Id: Ib1f52f40dab26ac4575e06bfd54b88809b00f8d3
(cherry picked from commit 618adbf2)
parent fcb902d6
+5 −0
type backuptool, domain, coredomain;

permissive backuptool;

neverallow { domain -update_engine } backuptool:process transition;
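Review bot: `permissive backuptool;` switches off enforcement for the whole domain, so everything that runs after the transition is audited but never denied. The only bound left in this file is the neverallow that limits entry to update_engine. Because the type is also declared `coredomain`, the file should say that this is a temporary state and what ends it, for example `# TODO: permissive only until avc denials are collected; replace with explicit allow rules`. Android's SELinux guidance expects production policy to carry no permissive domains, so it is worth confirming which build variants ship this file.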
+5 −8
allow update_engine self:capability { dac_override dac_read_search sys_rawio };

# Read updates from storage data
r_dir_file(update_engine, mnt_user_file)
r_dir_file(update_engine, storage_file)

allow update_engine self:capability { chown fsetid sys_rawio };

# Allow mount and unmount of system partition
allow update_engine labeledfs:filesystem { mount unmount };

allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:dir create_dir_perms;
allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:{ file lnk_file } create_file_perms;
allow update_engine { otapreopt_chroot_exec rootfs system_file toolbox_exec }:file rx_file_perms;
allow update_engine { rootfs system_file }:file { relabelfrom relabelto };
# Allow transition to backuptool domain
allow update_engine self:process setexec;
domain_trans(update_engine, otapreopt_chroot_exec, backuptool)
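Review bot: `domain_trans(update_engine, otapreopt_chroot_exec, backuptool)` names a single entry point, but that limit is likely only advisory while backuptool is permissive. As far as I can tell the `entrypoint` check is made with the new domain as its source, so it is logged rather than enforced, and `allow update_engine self:process setexec;` lets update_engine select the target context itself. The page does not mark which of the broad update_engine grants above survive the change (`create_file_perms` on `system_file`, `relabelfrom relabelto`, execute on `rootfs` and `toolbox_exec`); any that remain should be re-justified now that the backup work runs in its own domain. I would also extend the existing comment to explain the pairing, e.g. `# domain_trans() adds no type_transition, so update_engine must setexec into backuptool explicitly` (presumably the reason; confirm against the caller).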