summaryrefslogtreecommitdiffstats
path: root/target/board/generic_x86/sepolicy
diff options
context:
space:
mode:
authordcashman <dcashman@google.com>2014-06-16 10:45:16 -0700
committerdcashman <dcashman@google.com>2014-06-16 10:45:16 -0700
commit097e840b062b5191dac757dc998cd072ac7f308a (patch)
tree7f086e069f729d6c12fa886b2cffe494037ea66c /target/board/generic_x86/sepolicy
parentb1b12f8ad49ecbba7dd6b9db2a0ca8fafa532d82 (diff)
downloadbuild-097e840b062b5191dac757dc998cd072ac7f308a.zip
build-097e840b062b5191dac757dc998cd072ac7f308a.tar.gz
build-097e840b062b5191dac757dc998cd072ac7f308a.tar.bz2
Revert "Allow all domains access to /dev/qemu_trace."
This reverts commit b1b12f8ad49ecbba7dd6b9db2a0ca8fafa532d82.
Diffstat (limited to 'target/board/generic_x86/sepolicy')
-rw-r--r--target/board/generic_x86/sepolicy/adbd.te1
-rw-r--r--target/board/generic_x86/sepolicy/app.te1
-rw-r--r--target/board/generic_x86/sepolicy/bootanim.te1
-rw-r--r--target/board/generic_x86/sepolicy/domain.te1
-rw-r--r--target/board/generic_x86/sepolicy/mediaserver.te1
-rw-r--r--target/board/generic_x86/sepolicy/rild.te1
-rw-r--r--target/board/generic_x86/sepolicy/surfaceflinger.te1
-rw-r--r--target/board/generic_x86/sepolicy/system_server.te1
-rw-r--r--target/board/generic_x86/sepolicy/zygote.te1
9 files changed, 8 insertions, 1 deletions
diff --git a/target/board/generic_x86/sepolicy/adbd.te b/target/board/generic_x86/sepolicy/adbd.te
new file mode 100644
index 0000000..f65cfb3
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/adbd.te
@@ -0,0 +1 @@
+allow adbd qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/app.te b/target/board/generic_x86/sepolicy/app.te
new file mode 100644
index 0000000..fd33453
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/app.te
@@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/bootanim.te b/target/board/generic_x86/sepolicy/bootanim.te
new file mode 100644
index 0000000..762a573
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/bootanim.te
@@ -0,0 +1 @@
+allow bootanim qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te
index c3161b3..c17950d 100644
--- a/target/board/generic_x86/sepolicy/domain.te
+++ b/target/board/generic_x86/sepolicy/domain.te
@@ -1,4 +1,3 @@
# For /sys/qemu_trace files in the emulator.
allow domain sysfs_writable:file rw_file_perms;
allow domain cpuctl_device:dir search;
-allow domain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/mediaserver.te b/target/board/generic_x86/sepolicy/mediaserver.te
new file mode 100644
index 0000000..90b8cf8
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/mediaserver.te
@@ -0,0 +1 @@
+allow mediaserver qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/rild.te b/target/board/generic_x86/sepolicy/rild.te
index e148b6c..5de171a 100644
--- a/target/board/generic_x86/sepolicy/rild.te
+++ b/target/board/generic_x86/sepolicy/rild.te
@@ -1 +1,2 @@
+allow rild qemu_device:chr_file rw_file_perms;
unix_socket_connect(rild, qemud, qemud)
diff --git a/target/board/generic_x86/sepolicy/surfaceflinger.te b/target/board/generic_x86/sepolicy/surfaceflinger.te
new file mode 100644
index 0000000..865405c
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/surfaceflinger.te
@@ -0,0 +1 @@
+allow surfaceflinger qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te
index 0ede971..9bfe5fe 100644
--- a/target/board/generic_x86/sepolicy/system_server.te
+++ b/target/board/generic_x86/sepolicy/system_server.te
@@ -1,2 +1,3 @@
allow system_server self:process execmem;
unix_socket_connect(system_server, qemud, qemud)
+allow system_server qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te
index 93993a4..d34c4a1 100644
--- a/target/board/generic_x86/sepolicy/zygote.te
+++ b/target/board/generic_x86/sepolicy/zygote.te
@@ -1,2 +1,3 @@
allow zygote self:process execmem;
allow zygote self:capability sys_nice;
+allow zygote qemu_device:chr_file rw_file_perms;