427c135bd6
[Detail] Only BASIC Sepolicy need to be applyed for BASIC, we separate basic/bsp sepolicy for BASIC. This workaround is for fixing the build errors that cause by the declarations were defined in bsp/ dir and neverallow rules. MTK-Commit-Id: f1ed54e84b85f73e20dcc8c2ac5f0c42fddedc77 Change-Id: I568873fcc272d04b018efc4be00924b751bb3775 CR-Id: ALPS04340791 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
39 lines
1.1 KiB
Plaintext
39 lines
1.1 KiB
Plaintext
# ==============================================
|
|
# Policy File of /vendor/bin/resize_xxx Executable File
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
type resize, domain;
|
|
type resize_exec, exec_type, file_type, vendor_file_type;
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# Date : WK15.30
|
|
# Operation : Migration
|
|
# Purpose : resize fs(ext4) partition, only run once.
|
|
init_daemon_domain(resize)
|
|
|
|
allow resize resize_exec:file execute_no_trans;
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow resize devpts:chr_file { read write open getattr ioctl };
|
|
|
|
allow resize kmsg_device:chr_file { write open };
|
|
|
|
allow resize userdata_block_device:blk_file rw_file_perms;
|
|
|
|
allow resize block_device:dir search;
|
|
|
|
allow resize resize:capability sys_admin;
|
|
|
|
allow resize labeledfs:filesystem unmount;
|
|
|
|
allow resize property_socket:sock_file write;
|
|
|
|
allow resize init:unix_stream_socket connectto;
|
|
|
|
#allow resize system_file:file execute_no_trans;
|