hal_bootctl : Update sepolicy for hal_bootctl
-allow hal_bootctl_server to perform rawio
-In 'user' builds rawio is not allowed for hal_bootctl_server domain.
Change-Id: I78bedd7aba25a58aba68748b80a1ebf810990860
This commit is contained in:
Nirmal Kumar
2
generic/vendor/common/hal_bootctl.te
vendored
2
generic/vendor/common/hal_bootctl.te
vendored
@@ -63,7 +63,7 @@ dontaudit hal_bootctl self:capability sys_rawio;
|
||||
|
||||
#scsi driver does a capability check (CAP_SYS_RAWIO) when bootctl does
|
||||
# an ioctl to /dev/ufs-bsg .Adding this rule to avoid ioctl error.
|
||||
allow hal_bootctl self:capability { sys_rawio };
|
||||
allow hal_bootctl_server self:capability { sys_rawio };
|
||||
# Read the sysfs to lookup what /dev/sgN device
|
||||
# corresponds to the XBL partitions.
|
||||
allow hal_bootctl vendor_sysfs_scsi_target:dir r_dir_perms;
|
||||
|
||||
Reference in New Issue
Block a user