sdm660-common: sepolicy: Add restricted permissions to vendor_init
The core SEPolicy for vendor_init is being restricted to the proper Treble restrictions. Since this is a legacy device, it is tagged as a data_between_core_and_vendor_violators and the needed permissions are added to its device specific vendor_init.te Bug: 62875318 Test: boot walleye without audits Change-Id: I13aaa2278e71092d740216d3978dc720afafe8ea Signed-off-by: Subhajeet Muhuri <kenny3fcb@gmail.com>
parent
36ef559156
commit
f3aa8e3d2b
1 changed files with 2 additions and 0 deletions
2
sepolicy/vendor/vendor_init.te
vendored
2
sepolicy/vendor/vendor_init.te
vendored
|
@ -1,6 +1,8 @@
|
|||
#============= vendor_init ==============
|
||||
typeattribute vendor_init data_between_core_and_vendor_violators;
|
||||
|
||||
allow vendor_init {
|
||||
media_rw_data_file
|
||||
system_data_file
|
||||
tombstone_data_file
|
||||
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
|
||||
|
|
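Review bot: The `allow` rule in vendor_init.te gives vendor_init `relabelfrom`, `rmdir`, `remove_name` and `setattr` on every directory labelled `system_data_file`, `media_rw_data_file` or `tombstone_data_file`, which is broader than creating directories at boot needs, and the `data_between_core_and_vendor_violators` attribute exempts the domain from the Treble neverallow checks that would otherwise flag such access. No matching `relabelto` rule is visible in this section, so `relabelfrom` looks unused; unless a denial on this device requires it, I would end the rule with `}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir };` and trim further against the actual audit log. The page does not show which two lines are new, so if the allow rule predates the commit, the point applies to the existing grant that the attribute now shelters. A comment above the typeattribute line, such as `# Legacy device: vendor_init still needs core /data directories; drop this exemption when no longer required`, would record why the exemption exists.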