From 97566a8ce877498dae91fd888b8d8a538e33b54d Mon Sep 17 00:00:00 2001 From: cheng_jinsong Date: Tue, 7 Mar 2023 18:06:36 -0800 Subject: [PATCH] add partitionslot selinux policy Signed-off-by: cheng_jinsong Change-Id: Iba1bb1e982acf11365e56440e478f817238ad823 --- sepolicy/base/public/domain.te | 2 +- .../ohos_policy/drivers/peripheral/partitionslot/vendor/init.te | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/sepolicy/base/public/domain.te b/sepolicy/base/public/domain.te index 07f8ec857..37178fd9c 100644 --- a/sepolicy/base/public/domain.te +++ b/sepolicy/base/public/domain.te @@ -275,7 +275,7 @@ neverallow { domain -processdump -hap_domain } domain:process ptrace; # TODO:debug/release neverallow { domain -appspawn -init -ueventd -installs -storage_daemon -cap_violator_chown } self:{ capability cap_userns } chown; neverallow { domain -appspawn -init -ueventd -memmgrservice - debug_only(`-hdcd') -installs + debug_only(`-hdcd') -installs -partitionslot_host -storage_daemon -usb_host -cap_violator_dacoverride } self:{ capability cap_userns } dac_override; neverallow { domain -appspawn -init -hidumper_service -storage_daemon -hiprofiler_plugins debug_only(`-hdcd -hiperf') -cap_violator_dacreadsearch } self:{ capability cap_userns } dac_read_search; neverallow { domain -init -ueventd -installs -storage_daemon -cap_violator_fowner } self:{ capability cap_userns } fowner; diff --git a/sepolicy/ohos_policy/drivers/peripheral/partitionslot/vendor/init.te b/sepolicy/ohos_policy/drivers/peripheral/partitionslot/vendor/init.te index dd1c2d227..7be851d7a 100644 --- a/sepolicy/ohos_policy/drivers/peripheral/partitionslot/vendor/init.te +++ b/sepolicy/ohos_policy/drivers/peripheral/partitionslot/vendor/init.te @@ -12,3 +12,4 @@ # limitations under the License. allow init partitionslot_host:process { rlimitinh siginh transition }; +allow partitionslot_host partitionslot_host:capability { dac_override }; -- Gitee
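Review bot: The `-partitionslot_host` exemption added to the `dac_override` neverallow in domain.te is unconditional (not wrapped in `debug_only`), and neither the commit message nor the policy says why the host needs it; the same applies to the matching allow rule in the init.te hunk. With `dac_override` the process skips file-mode permission checks, so SELinux type rules become the only limit on what it can read or write. If the underlying denial comes from a device node or file with the wrong owner or mode, fixing that ownership or the service's group list would be a narrower change than granting the capability. If the capability has to stay, a comment above the neverallow such as `# partitionslot_host: dac_override needed for <PATH_PLACEHOLDER>, tracked in <ISSUE_PLACEHOLDER>` would let a later audit revisit it.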
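Review bot: The rule added to partitionslot/vendor/init.te grants a capability to partitionslot_host itself, while the only other rule visible in this hunk is about init starting that domain, so someone auditing the domain's own privileges may not look in this file. Presumably the domain has its own .te file in the same directory (not visible in this patch), and the rule would be easier to find there. It could also be written with `self`, as the neverallow in domain.te does: `allow partitionslot_host self:capability dac_override;`.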