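# Additional allow rules for the update_engine domain.
#
# NOTE(review): taken together these rules let update_engine mount
# filesystems and create, modify, relabel and execute files labeled rootfs,
# system_file and system_data_file. A flaw in update_engine would therefore
# reach system image contents directly. Presumably this exists so that
# scripts can run against the freshly written slot during an update - confirm
# the intent, and prefer a dedicated domain with its own narrowly scoped file
# types over widening update_engine itself.
# NOTE(review): AOSP base policy normally rejects writes to and relabeling of
# system_file through neverallow rules - confirm how this tree builds with
# these rules and whether a matching exception was added on purpose.

# r_dir_file is defined outside this file; in AOSP it grants read-only access
# to directories, files and symlinks of the given type.
r_dir_file(update_engine, mnt_user_file)
r_dir_file(update_engine, storage_file)

# chown: change file ownership. fsetid: keep set-user-ID and set-group-ID bits
# when a file is modified. Both apply to every file the domain may write.
allow update_engine self:capability { chown fsetid };

# Mount and unmount labeled filesystems. A second rule granting only mount on
# the same class was a subset of this one and has been folded in here.
allow update_engine labeledfs:filesystem { mount unmount };

# Read and execute the otapreopt chroot helper and toolbox. rx_file_perms
# already contains execute and getattr, so the separate rule that granted
# those two permissions on toolbox_exec was redundant and has been dropped.
# NOTE(review): execution happens without a domain transition being declared
# here, so these binaries would run with update_engine privileges - confirm.
allow update_engine { otapreopt_chroot_exec toolbox_exec }:file rx_file_perms;

# Create, modify, execute, rename and delete files and directories labeled
# rootfs; relabelfrom lets the domain move such files to another label.
allow update_engine rootfs:file { create setattr write rx_file_perms unlink relabelfrom rename };
allow update_engine rootfs:dir { create write open add_name read rmdir remove_name };

# Create, read, write and delete entries labeled system_data_file.
# NOTE(review): system_data_file is a broad default label; a dedicated type
# for the working directory would keep this from covering unrelated data.
# NOTE(review): directories are removed with rmdir, so unlink on the dir class
# likely has no effect here - verify whether rmdir was intended.
allow update_engine system_data_file:file { create read write open unlink };
allow update_engine system_data_file:dir { create write add_name read remove_name unlink };

# Create, modify, execute and delete entries labeled system_file, and relabel
# files both into and out of that label. relabelto means the domain can give
# the system_file label to content it wrote itself.
allow update_engine system_file:file { create setattr write relabelto relabelfrom rx_file_perms unlink };
allow update_engine system_file:dir { create setattr write rmdir remove_name add_name };

# Follow symlinks labeled storage_file.
allow update_engine storage_file:lnk_file read;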