bbecfaa68b
[Detail] Google add new neverallows rules on android P, some rule violate the rules [Solution] Remove the rules which violate google new rules MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
27 lines
1.3 KiB
Plaintext
27 lines
1.3 KiB
Plaintext
# MTK Add policy for update_engine
|
|
# Add for update_engine update block device
|
|
allow update_engine preloader_block_device:blk_file rw_file_perms;
|
|
allow update_engine lk_block_device:blk_file rw_file_perms;
|
|
allow update_engine dtbo_block_device:blk_file rw_file_perms;
|
|
allow update_engine tee_block_device:blk_file rw_file_perms;
|
|
allow update_engine vendor_block_device:blk_file rw_file_perms;
|
|
allow update_engine odm_block_device:blk_file rw_file_perms;
|
|
allow update_engine oem_block_device:blk_file rw_file_perms;
|
|
allow update_engine md_block_device:blk_file rw_file_perms;
|
|
allow update_engine dsp_block_device:blk_file rw_file_perms;
|
|
allow update_engine scp_block_device:blk_file rw_file_perms;
|
|
allow update_engine sspm_block_device:blk_file rw_file_perms;
|
|
allow update_engine spmfw_block_device:blk_file rw_file_perms;
|
|
allow update_engine mcupmfw_block_device:blk_file rw_file_perms;
|
|
allow update_engine loader_ext_block_device:blk_file rw_file_perms;
|
|
allow update_engine cam_vpu_block_device:blk_file rw_file_perms;
|
|
allow update_engine para_block_device:blk_file rw_file_perms;
|
|
|
|
|
|
# Add for update_engine call by system_app
|
|
#allow update_engine self:capability dac_override;
|
|
allow update_engine system_app:binder { call transfer };
|
|
|
|
# Add for update_engine with postinstall
|
|
allow update_engine postinstall_mnt_dir:dir { search getattr open read write search unlink};
|