-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
common: Switch Updater app to its own SELinux domain
Change-Id: If0ea1c3af9f75c312e02d63ce2c7d0ec051b4be3
- Loading branch information
Showing
4 changed files
with
22 additions
and
1 deletion.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
user=_app isPrivApp=true seinfo=platform name=com.android.gallery3d domain=gallery_app type=app_data_file levelFrom=user | ||
user=_app isPrivApp=true seinfo=platform name=org.lineageos.snap domain=snap_app type=app_data_file levelFrom=user | ||
user=_app isPrivApp=true seinfo=platform name=org.lineageos.updater domain=updater_app type=app_data_file levelFrom=user |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
type updater_app, domain, coredomain; | ||
|
||
app_domain(updater_app) | ||
|
||
binder_call(updater_app, update_engine) | ||
|
||
allow updater_app app_api_service:service_manager find; | ||
allow updater_app system_api_service:service_manager find; | ||
allow updater_app update_engine_service:service_manager find; | ||
|
||
allow updater_app app_data_file:dir create_dir_perms; | ||
allow updater_app app_data_file:{ file lnk_file } create_file_perms; | ||
|
||
allow updater_app ota_package_file:dir create_dir_perms; | ||
allow updater_app ota_package_file:file create_file_perms; | ||
|
||
get_prop(updater_app, default_prop) | ||
get_prop(updater_app, exported2_default_prop) |