f3aa8e3d2b
The core SEPolicy for vendor_init is being restricted to the proper Treble restrictions. Since this is a legacy device, it is tagged as a data_between_core_and_vendor_violators and the needed permissions are added to its device specific vendor_init.te Bug: 62875318 Test: boot walleye without audits Change-Id: I13aaa2278e71092d740216d3978dc720afafe8ea Signed-off-by: Subhajeet Muhuri <kenny3fcb@gmail.com>
17 lines
683 B
Text
17 lines
683 B
Text
#============= vendor_init ==============
|
|
typeattribute vendor_init data_between_core_and_vendor_violators;
|
|
|
|
allow vendor_init {
|
|
media_rw_data_file
|
|
system_data_file
|
|
tombstone_data_file
|
|
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
|
|
|
|
set_prop(vendor_init, camera_prop)
|
|
allow vendor_init rootfs:dir { add_name create setattr write };
|
|
allow vendor_init persist_debug_prop:property_service set;
|
|
allow vendor_init persist_dpm_prop:property_service set;
|
|
allow vendor_init qcom_ims_prop:property_service set;
|
|
allow vendor_init rootfs:lnk_file setattr;
|
|
set_prop(vendor_init, camera_prop)
|
|
set_prop(vendor_init, vendor_camera_prop)
|