ADHOC/replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity

sepolicy: Permissions for userinit

Browse Source 
Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296
This commit is contained in:
Emerson Pinter 2015-02-12 19:20:19 -02:00 committed by Gerrit Code Review
parent 8df987a371
commit dc699fb190
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sepolicy/file_contexts
View File

@ -12,6 +12,7 @@
/system/bin/sysinit u:object_r:sysinit_exec:s0 /system/bin/sysinit u:object_r:sysinit_exec:s0
/system/etc/init.d/90userinit u:object_r:userinit_exec:s0 /system/etc/init.d/90userinit u:object_r:userinit_exec:s0
/data/local/userinit.sh u:object_r:userinit_data_exec:s0
# For minivold in recovery # For minivold in recovery
/sbin/minivold u:object_r:vold_exec:s0 /sbin/minivold u:object_r:vold_exec:s0

10
sepolicy/sysinit.te
View File

@ -9,3 +9,13 @@ allow sysinit shell_exec:file { rx_file_perms };
allow sysinit system_file:file { rx_file_perms }; allow sysinit system_file:file { rx_file_perms };
allow sysinit self:process setcurrent; allow sysinit self:process setcurrent;
userdebug_or_eng(`
allow sysinit userinit_data_exec:file { r_file_perms relabelto };
allow sysinit property_socket:sock_file write;
allow sysinit init:unix_stream_socket connectto;
allow sysinit userinit_prop:property_service set;
allow sysinit sysfs:file rw_file_perms;
allow sysinit sysfs_devices_system_cpu:file write;
allow sysinit self:capability dac_override;
allow sysinit userinit_exec:file { rx_file_perms };
')

1
sepolicy/userinit.te
View File

@ -1,3 +1,4 @@
type userinit_exec, exec_type, file_type; type userinit_exec, exec_type, file_type;
type userinit_data_exec, file_type;
allow userinit_exec userinit_prop:property_service set; allow userinit_exec userinit_prop:property_service set;