Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

This project is archived. Its data is read-only.

Commit c75446d0 authored Feb 05, 2015 by Ricardo Cerqueira Committed by Abhisek Devkota Feb 11, 2015

sepolicy: Split off /cache/recovery's permissions

/cache/recovery is used by 2 domains: recovery and updater apps. Separate
its perms from the rest of /cache and grant them to those 2 clients

Change-Id: Iacde60744c07423f9876c2f8e3da900543e38ddf

parent 2ccd36c7

sepolicy/file.te

+3 −0

Original line number	Diff line number	Diff line
		@@ -8,3 +8,6 @@ type theme_data_file, file_type, data_file_type;

		# Performance settings
		type sysfs_devices_system_iosched, file_type, sysfs_type;

		# Recovery's "cache"
		type recovery_cache_file, file_type, mlstrustedobject;

sepolicy/file_contexts

+2 −0

Original line number	Diff line number	Diff line
		/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0

		/cache/recovery(/.*)? u:object_r:recovery_cache_file:s0

		# Auditd is a logging daemon. Put it into logd's context
		/system/bin/auditd u:object_r:logd_exec:s0
		/data/misc/audit(/.*)? u:object_r:auditd_log:s0

sepolicy/recovery.te

+4 −0

Original line number	Diff line number	Diff line
		@@ -35,4 +35,8 @@ allow recovery file_type:notdevfile_class_set { unlink getattr };
		allow recovery install_data_file:file create_file_perms;
		allow recovery system_data_file:file create;

		# /cache/recovery things: command and logs
		allow recovery recovery_cache_file:dir create_dir_perms;
		allow recovery recovery_cache_file:file create_file_perms;

		')

sepolicy/system_app.te

+4 −0

Original line number	Diff line number	Diff line
		# For performance settings
		allow system_app sysfs_devices_system_cpu:file rw_file_perms;
		allow system_app sysfs_devices_system_iosched:file rw_file_perms;

		# For the updaters
		allow system_app recovery_cache_file:dir {add_name rw_file_perms};
		allow system_app recovery_cache_file:file {create rw_file_perms};