hal_bootctl.te revision 051bcb37133dba600512654a87dc1371f40191b2
1# These are the permissions required to use the boot_control HAL implemented 2# here: hardware/qcom/bootctrl/boot_control.c 3 4# Getting and setting GPT attributes for the bootloader iterates over all the 5# partition names in the block_device directory /dev/block/.../by-name 6allow hal_bootctl block_device:dir r_dir_perms; 7 8# Edit the attributes stored in the GPT. 9allow hal_bootctl gpt_block_device:blk_file rw_file_perms; 10allow hal_bootctl ab_block_device:blk_file getattr; 11allow hal_bootctl boot_block_device:blk_file rw_file_perms; 12allow hal_bootctl modem_block_device:blk_file getattr; 13allow hal_bootctl system_block_device:blk_file getattr; 14allow hal_bootctl misc_block_device:blk_file rw_file_perms; 15 16# Access /dev/sgN devices (generic SCSI) to write the 17# A/B slot selection for the XBL partition. Allow also to issue a 18# UFS_IOCTL_QUERY ioctl. 19allow hal_bootctl sg_device:chr_file rw_file_perms; 20allow hal_bootctl self:capability sys_admin; 21allow hal_bootctl tmpfs:lnk_file r_file_perms; 22 23# Read the sysfs to lookup what /dev/sgN device 24# corresponds to the XBL partitions. 25allow hal_bootctl sysfs:dir r_dir_perms; 26 27# Write to the XBL devices. 28allow hal_bootctl xbl_block_device:blk_file rw_file_perms; 29 30# Expose a socket for brokered boot message access for hal_oemlock. 31allow hal_bootctl hal_bootctl_socket:sock_file create_file_perms; 32