LenovoZ5s/device_lenovo_sdm710-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
device_lenovo_sdm710-common/sepolicy/vendor/init.te
Hridya Valsaraju 8803ff0740
sdm710-common: Set PRODUCT_SET_DEBUGFS_RESTRICTIONS 
Starting with Android R launched devices, debugfs cannot be mounted in
production builds. In order to avoid accidental debugfs dependencies
from creeping in during development with userdebug/eng builds, the
build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS can be set by vendors to
enforce additional debugfs restrictions for userdebug/eng builds. The
same flag will be used to enable sepolicy neveallow statements to
prevent new permissions added for debugfs access.

Test: build, boot
Bug: 184381659
Change-Id: I45e6f20c886d467a215c9466f3a09965ff897d7e
2023-11-25 20:35:07 +02:00

8 lines
301 B
Text
Raw Blame History

get_prop(init, exported_default_prop)
allow init logdump_partition:lnk_file relabelto;
allow init self:netlink_route_socket rw_socket_perms_no_ioctl;
allow init self:rawip_socket create_socket_perms_no_ioctl;
allow init socket_device:sock_file { unlink setattr create };
allow init proc:file write;
Reference in a new issue View git blame Copy permalink