39 lines
1 KiB
Text
39 lines
1 KiB
Text
type vendor_toolbox, domain;
|
|
|
|
init_daemon_domain(vendor_toolbox)
|
|
|
|
# Allow vendor_toolbox to use sys_admin capability
|
|
allow vendor_toolbox self:capability sys_admin;
|
|
|
|
# Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
|
|
allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;
|
|
|
|
# Allow vendor_toolbox to read directories in rootfs
|
|
allow vendor_toolbox rootfs:dir r_dir_perms;
|
|
|
|
# Allow vendor_toolbox to remove "security.*" xattrs from /mnt/vendor/persist
|
|
allow vendor_toolbox {
|
|
mnt_vendor_file
|
|
persist_alarm_file
|
|
persist_block_device
|
|
persist_bluetooth_file
|
|
persist_bms_file
|
|
persist_display_file
|
|
persist_drm_file
|
|
persist_file
|
|
persist_fingerprint_file
|
|
persist_hvdcp_file
|
|
persist_misc_file
|
|
persist_qti_fp_file
|
|
persist_rfs_file
|
|
persist_rfs_shared_hlos_file
|
|
persist_secnvm_file
|
|
persist_time_file
|
|
persist_vpp_file
|
|
regionalization_file
|
|
rfs_file
|
|
rfs_shared_hlos_file
|
|
sensors_persist_file
|
|
unlabeled
|
|
vendor_persist_mmi_file
|
|
}:dir { r_dir_perms setattr getattr};
|