On 06/11/2014 04:38 PM, Dinesh Garg wrote:
>>>If you know the partition number at build time
> No. Suppose I have a device which has some build loaded. Now, I update
> just HLOS images i.e. boot, system, userdata. This would not change
> pre-flashed partition tables. Hence, I can't use any build time option
> to generate the rule.
>
> However while device is coming up, we know what this link points to. Is
> it possible to assign label to device that time?
>
> Example: static policy would have:
>
> allow daemon1 mylabel:chr_file {op1, op2, ...}
>
> Now when device comes up, I get that /mypartition is pointing to
> /dev/block/mmcblk0p0N. So If I am able to apply label
> to /dev/block/mmcblk0p0N during runtime, everything should be fine.
(restored cc line for list)
I suppose we could have a variant of restorecon that uses getfilecon()
and setfilecon() rather than lgetfilecon() and lsetfilecon() so that you
could invoke it from init.<board>.rc on /mypartition and it would use
the provided pathname for lookup but apply the label to whatever is
referenced by the symlink named by that pathname. Is that good enough
or do you need this to be done for all device nodes automatically when
created by ueventd?
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.
