首頁 探索 說明
註冊 登入
drachfly
/
android10
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 6b68537209
分支列表 標籤列表
android10
/
system
/
sepolicy
/
public
/
recovery_refresh.te

recovery_refresh.te 794 B
文件歷史 原始文件

123456789101112131415161718192021222324 
  1. # android recovery refresh log manager
    2. 

  2. type recovery_refresh, domain;
    3. 

  3. type recovery_refresh_exec, system_file_type, exec_type, file_type;
    4. 

  4. 

  5. allow recovery_refresh pstorefs:dir search;
    6. 

  6. allow recovery_refresh pstorefs:file r_file_perms;
    7. 

  7. # NB: domain inherits write_logd which hands us write to pmsg_device
    8. 

  8. 

  9. ###
    10. 

  10. ### Neverallow rules
    11. 

  11. ###
    12. 

  12. ### recovery_refresh should NEVER do any of this
    13. 

  13. 

  14. # Block device access.
    15. 

  15. neverallow recovery_refresh dev_type:blk_file { read write };
    16. 

  16. 

  17. # ptrace any other app
    18. 

  18. neverallow recovery_refresh domain:process ptrace;
    19. 

  19. 

  20. # Write to /system.
    21. 

  21. neverallow recovery_refresh system_file:dir_file_class_set write;
    22. 

  22. 

  23. # Write to files in /data/data or system files on /data
    24. 

  24. neverallow recovery_refresh { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
    25.