xref: /aosp_15_r20/system/sepolicy/prebuilts/api/31.0/private/linkerconfig.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290) 
1*e4a36f41SAndroid Build Coastguard Workertype linkerconfig, domain, coredomain;
2*e4a36f41SAndroid Build Coastguard Workertype linkerconfig_exec, exec_type, file_type, system_file_type;
3*e4a36f41SAndroid Build Coastguard Worker
4*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(linkerconfig)
5*e4a36f41SAndroid Build Coastguard Worker
6*e4a36f41SAndroid Build Coastguard Worker## Read and write linkerconfig subdirectory.
7*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig linkerconfig_file:dir create_dir_perms;
8*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig linkerconfig_file:file create_file_perms;
9*e4a36f41SAndroid Build Coastguard Worker
10*e4a36f41SAndroid Build Coastguard Worker# Allow linkerconfig to log to the kernel.
11*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig kmsg_device:chr_file w_file_perms;
12*e4a36f41SAndroid Build Coastguard Worker
13*e4a36f41SAndroid Build Coastguard Worker# Allow linkerconfig to be invoked with logwrapper from init.
14*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig devpts:chr_file { read write };
15*e4a36f41SAndroid Build Coastguard Worker
16*e4a36f41SAndroid Build Coastguard Worker# Allow linkerconfig to scan for apex modules
17*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig apex_mnt_dir:dir r_dir_perms;
18*e4a36f41SAndroid Build Coastguard Worker
19*e4a36f41SAndroid Build Coastguard Worker# Allow linkerconfig to read apex-info-list.xml
20*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig apex_info_file:file r_file_perms;
21*e4a36f41SAndroid Build Coastguard Worker
22*e4a36f41SAndroid Build Coastguard Worker# Allow linkerconfig to be called in the otapreopt_chroot
23*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig otapreopt_chroot:fd use;
24*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig postinstall_apex_mnt_dir:dir r_dir_perms;
25*e4a36f41SAndroid Build Coastguard Workerallow linkerconfig postinstall_apex_mnt_dir:file r_file_perms;
26*e4a36f41SAndroid Build Coastguard Worker
27*e4a36f41SAndroid Build Coastguard Workerneverallow { domain -init -linkerconfig -otapreopt_chroot } linkerconfig_exec:file no_x_file_perms;
28