projects / GitHub / LineageOS / android_device_samsung_universal7580-common.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
universal7580: Force restorecon for /efs
[GitHub/LineageOS/android_device_samsung_universal7580-common.git] / sepolicy / vendor_toolbox.te
1 type vendor_toolbox, domain;
2
3 init_daemon_domain(vendor_toolbox)
4
5 # For the use of /vendor/bin/toybox_vendor from vendor init.rc fragments
6 domain_trans(init, vendor_toolbox_exec, vendor_toolbox)
7
8 # Allow vendor_toolbox to use these capabilities
9 #allow vendor_toolbox self:capability { sys_admin };
10
11 # Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
12 allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;
13
14 # Allow vendor_toolbox to read directories in rootfs
15 allow vendor_toolbox rootfs:dir r_dir_perms;
16
17 # Allow vendor_toolbox to remove "security.*" xattrs from /efs
18 allow vendor_toolbox {
19 app_efs_file
20 battery_efs_file
21 bluetooth_efs_file
22 efs_file
23 imei_efs_file
24 prov_efs_file
25 wifi_efs_file
26 unlabeled
27 }:dir { r_dir_perms setattr };
28
29 allow vendor_toolbox {
30 app_efs_file
31 baro_delta_factoryapp_efs_file
32 battery_efs_file
33 bin_nv_data_efs_file
34 bluetooth_efs_file
35 cpk_efs_file
36 efs_file
37 factorymode_factoryapp_efs_file
38 imei_efs_file
39 prov_efs_file
40 radio_factoryapp_efs_file
41 sensor_factoryapp_efs_file
42 wifi_efs_file
43 unlabeled
44 }:file { r_file_perms setattr };