| commit | da992690fb1c3347615f6e74785247f0dc5c8240 | [log] [tgz] |
|---|---|---|
| author | Qijiang Fan <fqj@chromium.org> | Wed Nov 27 15:02:14 2019 +0900 |
| committer | Commit Bot <commit-bot@chromium.org> | Wed Jan 15 00:30:05 2020 +0000 |
| tree | 9dfdb7f1bea0d1223df6ac02b07dd8c1995662f8 | |
| parent | d1ceffb2aaf257d13802258e221d1e7c406131ed [diff] |
sepolicy: only cros_init* executes cros_periodic_scheduler_exec BUG=chromium:1028651 TEST=boot betty Change-Id: I589fd4828aa2af0cf758592d507dcc54798a192a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1939188 Tested-by: Qijiang Fan <fqj@google.com> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Commit-Queue: Qijiang Fan <fqj@google.com> (cherry picked from commit 5b4e6a9f0dcb0d5de3dd0eb4ab5b8b9e938e8be6) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2000279 Reviewed-by: Qijiang Fan <fqj@google.com> Auto-Submit: Qijiang Fan <fqj@google.com>
diff --git a/sepolicy/policy/chromeos/periodic/cros_periodic_scheduler.te b/sepolicy/policy/chromeos/periodic/cros_periodic_scheduler.te index eaef0ab..129d749 100644 --- a/sepolicy/policy/chromeos/periodic/cros_periodic_scheduler.te +++ b/sepolicy/policy/chromeos/periodic/cros_periodic_scheduler.te
@@ -17,6 +17,4 @@ allow cros_periodic_scheduler cros_periodic_scheduler_cache_t:file create_file_perms; allow cros_periodic_scheduler cros_periodic_scheduler_cache_t:dir create_dir_perms; -# TODO(fqj): use audit log to find out non-init executing periodic_scheduler -domain_auto_trans(chromeos_domain, cros_periodic_scheduler_exec, cros_periodic_scheduler); -auditallow { chromeos_domain -cros_init } cros_periodic_scheduler_exec:file execute; +domain_auto_trans({ cros_init cros_init_scripts }, cros_periodic_scheduler_exec, cros_periodic_scheduler);