aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTreehugger Robot2018-04-10 18:41:21 -0500
committerGerrit Code Review2018-04-10 18:41:21 -0500
commit6cdc9a820dc7bde833f6d2ada7b2de9e278daafe (patch)
treeb5075601dbef856d48ba2f577b0f006ba636df59
parent354a2530770f83a4a7ad39625c2f0bea823ca8db (diff)
parentbf4afae14049bfe9be37aa72db958cbb6b609377 (diff)
downloadsystem-sepolicy-6cdc9a820dc7bde833f6d2ada7b2de9e278daafe.tar.gz
system-sepolicy-6cdc9a820dc7bde833f6d2ada7b2de9e278daafe.tar.xz
system-sepolicy-6cdc9a820dc7bde833f6d2ada7b2de9e278daafe.zip
Merge "Hide sys_rawio SELinux denials."
-rw-r--r--public/hal_bootctl.te2
-rw-r--r--public/update_engine.te1
2 files changed, 3 insertions, 0 deletions
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index 8b240b1c..181de4a9 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -4,3 +4,5 @@ binder_call(hal_bootctl_server, hal_bootctl_client)
4 4
5add_hwservice(hal_bootctl_server, hal_bootctl_hwservice) 5add_hwservice(hal_bootctl_server, hal_bootctl_hwservice)
6allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find; 6allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find;
7
8dontaudit hal_bootctl self:capability sys_rawio;
diff --git a/public/update_engine.te b/public/update_engine.te
index 00f70bc4..2075985d 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -19,6 +19,7 @@ wakelock_use(update_engine);
19 19
20# Ignore these denials. 20# Ignore these denials.
21dontaudit update_engine kernel:process setsched; 21dontaudit update_engine kernel:process setsched;
22dontaudit update_engine self:capability sys_rawio;
22 23
23# Allow using persistent storage in /data/misc/update_engine. 24# Allow using persistent storage in /data/misc/update_engine.
24allow update_engine update_engine_data_file:dir create_dir_perms; 25allow update_engine update_engine_data_file:dir create_dir_perms;