diff options
author | Treehugger Robot | 2018-04-10 18:41:21 -0500 |
---|---|---|
committer | Gerrit Code Review | 2018-04-10 18:41:21 -0500 |
commit | 6cdc9a820dc7bde833f6d2ada7b2de9e278daafe (patch) | |
tree | b5075601dbef856d48ba2f577b0f006ba636df59 /public | |
parent | 354a2530770f83a4a7ad39625c2f0bea823ca8db (diff) | |
parent | bf4afae14049bfe9be37aa72db958cbb6b609377 (diff) | |
download | system-sepolicy-6cdc9a820dc7bde833f6d2ada7b2de9e278daafe.tar.gz system-sepolicy-6cdc9a820dc7bde833f6d2ada7b2de9e278daafe.tar.xz system-sepolicy-6cdc9a820dc7bde833f6d2ada7b2de9e278daafe.zip |
Merge "Hide sys_rawio SELinux denials."
Diffstat (limited to 'public')
-rw-r--r-- | public/hal_bootctl.te | 2 | ||||
-rw-r--r-- | public/update_engine.te | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te index 8b240b1c..181de4a9 100644 --- a/public/hal_bootctl.te +++ b/public/hal_bootctl.te | |||
@@ -4,3 +4,5 @@ binder_call(hal_bootctl_server, hal_bootctl_client) | |||
4 | 4 | ||
5 | add_hwservice(hal_bootctl_server, hal_bootctl_hwservice) | 5 | add_hwservice(hal_bootctl_server, hal_bootctl_hwservice) |
6 | allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find; | 6 | allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find; |
7 | |||
8 | dontaudit hal_bootctl self:capability sys_rawio; | ||
diff --git a/public/update_engine.te b/public/update_engine.te index 00f70bc4..2075985d 100644 --- a/public/update_engine.te +++ b/public/update_engine.te | |||
@@ -19,6 +19,7 @@ wakelock_use(update_engine); | |||
19 | 19 | ||
20 | # Ignore these denials. | 20 | # Ignore these denials. |
21 | dontaudit update_engine kernel:process setsched; | 21 | dontaudit update_engine kernel:process setsched; |
22 | dontaudit update_engine self:capability sys_rawio; | ||
22 | 23 | ||
23 | # Allow using persistent storage in /data/misc/update_engine. | 24 | # Allow using persistent storage in /data/misc/update_engine. |
24 | allow update_engine update_engine_data_file:dir create_dir_perms; | 25 | allow update_engine update_engine_data_file:dir create_dir_perms; |