vendor sepolicy genesis v2 Change-Id: I1ccf1ffed326c1ae7d008a847b11b58227b7e7e3

commit: 5e33b84202984df2ba41a3499fd3e6d4c595939c [log] [tgz]
author: Marko Man <darkobas@gmail.com> Sun Aug 26 23:15:26 2018 +0200
committer: Jon West <electrikjesus@gmail.com> Sun Feb 03 15:23:49 2019 -0500
tree: 180ad4f1d4daa99d50404fc348b52d3c8592e80a
parent: 912f6869f969144ead86518f3544bbff433470b1 [diff] [blame]
diff --git a/sepolicy/private/update_engine.te b/sepolicy/private/update_engine.te
new file mode 100644
index 0000000..309699a
--- /dev/null
+++ b/sepolicy/private/update_engine.te

@@ -0,0 +1,13 @@
+allow update_engine self:capability { dac_override dac_read_search sys_rawio };
+
+r_dir_file(update_engine, mnt_user_file)
+r_dir_file(update_engine, storage_file)
+
+allow update_engine self:capability { chown fsetid sys_rawio };
+
+allow update_engine labeledfs:filesystem { mount unmount };
+
+allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:dir create_dir_perms;
+allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:{ file lnk_file } create_file_perms;
+allow update_engine { otapreopt_chroot_exec rootfs system_file toolbox_exec }:file rx_file_perms;
+allow update_engine { rootfs system_file }:file { relabelfrom relabelto };
commit	5e33b84202984df2ba41a3499fd3e6d4c595939c	[log] [tgz]
author	Marko Man <darkobas@gmail.com>	Sun Aug 26 23:15:26 2018 +0200
committer	Jon West <electrikjesus@gmail.com>	Sun Feb 03 15:23:49 2019 -0500
tree	180ad4f1d4daa99d50404fc348b52d3c8592e80a
parent	912f6869f969144ead86518f3544bbff433470b1 [diff] [blame]