diff options
author | Enzo Liao <enzoliao@google.com> | 2023-03-15 17:17:46 +0800 |
---|---|---|
committer | Enzo Liao <enzoliao@google.com> | 2023-03-15 17:28:59 +0800 |
commit | 474381adee86f036d43d5b3f68a80c8ef5fc4aba (patch) | |
tree | 76d2defba86a3aa6892ece85a0974b1aaec9d76d | |
parent | 3e93f89df9582f7c46c117bc6c9be51720c7cc59 (diff) | |
download | sunfish-sepolicy-474381adee86f036d43d5b3f68a80c8ef5fc4aba.tar.gz |
SSRestarDetector: modify the SELinux policy to allow access files owned by system for Sunfish.android-13.0.0_r82android-13.0.0_r81android-13.0.0_r80android-13.0.0_r74android-13.0.0_r73android-13.0.0_r72android-13.0.0_r66android-13.0.0_r65android-13.0.0_r64android-13.0.0_r60android-13.0.0_r59android-13.0.0_r58android13-qpr3-c-s8-releaseandroid13-qpr3-c-s7-releaseandroid13-qpr3-c-s6-releaseandroid13-qpr3-c-s5-releaseandroid13-qpr3-c-s4-releaseandroid13-qpr3-c-s3-releaseandroid13-qpr3-c-s2-releaseandroid13-qpr3-c-s12-releaseandroid13-qpr3-c-s11-releaseandroid13-qpr3-c-s10-releaseandroid13-qpr3-c-s1-release
It needs to access a file pushed by hosts of test suites (details: http://go/pd-client-for-lab#heading=h.wtp07hbqvwgx)
This CL is used to pass DeviceBootTest.DeviceBootTest#SELinuxUncheckedDenialBootTest.
Bug: 234359369
Bug: 273662631
Design: http://go/pd-client-for-lab
Test: manual
Ignore-AOSP-First: only for google devices.
Change-Id: I670191f20c741d807def4fad25fde92ee54f331a
-rw-r--r-- | vendor/google/ssr_detector.te | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/vendor/google/ssr_detector.te b/vendor/google/ssr_detector.te index 49f1754..8a0bbe3 100644 --- a/vendor/google/ssr_detector.te +++ b/vendor/google/ssr_detector.te @@ -15,7 +15,8 @@ get_prop(ssr_detector_app, vendor_wifi_version) get_prop(ssr_detector_app, public_vendor_system_prop) # ssr_detector app's data type is system_app_data_file. -allow ssr_detector_app system_app_data_file:dir { getattr search }; +allow ssr_detector_app system_app_data_file:dir create_dir_perms; +allow ssr_detector_app system_app_data_file:file create_file_perms; allow ssr_detector_app cgroup:file w_file_perms; |