From 2ccd36c73f9baebf2749b33d43cafa8b016e633e Mon Sep 17 00:00:00 2001 From: Georg Veichtlbauer Date: Wed, 4 Feb 2015 18:17:31 +0100 Subject: [PATCH] sepolicy: allow userinit to set its property Change-Id: I9d8270d889566d169077a1b1fdaee43059d11ee1 --- sepolicy/file_contexts | 2 ++ sepolicy/property.te | 1 + sepolicy/property_contexts | 1 + sepolicy/sepolicy.mk | 1 + sepolicy/userinit.te | 3 +++ 5 files changed, 8 insertions(+) create mode 100644 sepolicy/userinit.te diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index ad1c4045..7ca945a9 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -9,6 +9,8 @@ /system/bin/sysinit u:object_r:sysinit_exec:s0 +/system/etc/init.d/90userinit u:object_r:userinit_exec:s0 + # For minivold in recovery /sbin/minivold u:object_r:vold_exec:s0 diff --git a/sepolicy/property.te b/sepolicy/property.te index fe7d9b2d..1e6b2203 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -1,2 +1,3 @@ type adbtcp_prop, property_type; type recovery_prop, property_type; +type userinit_prop, property_type; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index b3a3540e..d6beeb22 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -1,3 +1,4 @@ service.adb.tcp.port u:object_r:adbtcp_prop:s0 recovery.perf.mode u:object_r:recovery_prop:s0 adb.secure u:object_r:recovery_prop:s0 +cm.userinit.active u:object_r:userinit_prop:s0 diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk index 6cd50645..194fd9a9 100644 --- a/sepolicy/sepolicy.mk +++ b/sepolicy/sepolicy.mk @@ -32,6 +32,7 @@ BOARD_SEPOLICY_UNION += \ system_app.te \ ueventd.te \ uncrypt.te \ + userinit.te \ vold.te \ zygote.te \ mac_permissions.xml diff --git a/sepolicy/userinit.te b/sepolicy/userinit.te new file mode 100644 index 00000000..caddb086 --- /dev/null +++ b/sepolicy/userinit.te @@ -0,0 +1,3 @@ +type userinit_exec, exec_type, file_type; + +allow userinit_exec userinit_prop:property_service set;