sepolicy: Add domain for mkfs binaries

The init binary must transition to another domain when calling out to
executables. Create the mkfs domain for mkfs.f2fs such that init can
transition to it when formatting userdata/cache partitions if the
"formattable" flag is set.

Change-Id: I1046782386d171a59b1a3c5441ed265dc0824977
This commit is contained in:
Keith Mok 2015-12-15 13:24:34 -08:00 committed by Ethan Chen
parent aa40255d77
commit fcfc13ac6f
2 changed files with 12 additions and 0 deletions

View File

@ -14,6 +14,9 @@
/system/etc/init.d/90userinit u:object_r:userinit_exec:s0 /system/etc/init.d/90userinit u:object_r:userinit_exec:s0
/data/local/userinit.sh u:object_r:userinit_data_exec:s0 /data/local/userinit.sh u:object_r:userinit_data_exec:s0
# For F2FS partitions marked "formattable"
/system/bin/mkfs\.f2fs u:object_r:mkfs_exec:s0
# For minivold in recovery # For minivold in recovery
/sbin/minivold u:object_r:vold_exec:s0 /sbin/minivold u:object_r:vold_exec:s0

9
sepolicy/mkfs.te Normal file
View File

@ -0,0 +1,9 @@
type mkfs, domain;
type mkfs_exec, exec_type, file_type;
init_daemon_domain(mkfs)
# Allow formatting userdata or cache partitions
allow mkfs block_device:dir search;
allow mkfs userdata_block_device:blk_file rw_file_perms;
allow mkfs cache_block_device:blk_file rw_file_perms;