Minor tweaks

- 14.1+15.1+16.0: enable kernel protections for files
 - protected_* sysctls: hardlinks, symlinks, fifos, regular files
 - from GrapheneOS
- defconfig: enable more verity options
- cleanup
Tad 2019-08-28 15:12:42 -04:00
parent db348ab09c
commit 057bedb65b
12 changed files with 62 additions and 28 deletions


@ -0,0 +1,27 @@
#============= init ==============
allow init rootfs:file create;
allow init rootfs:lnk_file setattr;
#============= recovery ==============
allow recovery pstorefs:dir search;
allow recovery pstorefs:file { open read };
allow recovery selinuxfs:file write;
allow recovery sysfs_devices_block:file { open write };
allow recovery sysfs_scsi_devices_0000:file { open write };
allow recovery sysfs_scsi_devices_other:file { open write };
#============= init ==============
allow init rootfs:file create;
#============= recovery ==============
allow recovery alarm_boot_prop:file { getattr open };
allow recovery alarm_handled_prop:file { getattr open };
allow recovery alarm_instance_prop:file { getattr open };
allow recovery bg_boot_complete_prop:file open;
allow recovery self:capability fsetid;
allow recovery self:capability2 syslog;
allow recovery selinuxfs:file write;
allow recovery sysfs_io_sched_tuneable:dir { open read search }