diff options
Diffstat (limited to 'target/board/generic')
| -rw-r--r-- | target/board/generic/BoardConfig.mk | 2 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/file_contexts | 2 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/goldfish_logcat.te | 10 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/goldfish_setup.te | 12 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/init.te | 1 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/logd.te | 11 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/property.te | 1 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/property_contexts | 1 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/qemu_props.te | 5 | ||||
| -rw-r--r-- | target/board/generic/sepolicy/qemud.te | 2 |
10 files changed, 30 insertions, 17 deletions
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk index 393492b..fb6c920 100644 --- a/target/board/generic/BoardConfig.mk +++ b/target/board/generic/BoardConfig.mk @@ -68,7 +68,7 @@ USE_OPENGL_RENDERER := true VSYNC_EVENT_PHASE_OFFSET_NS := 0 TARGET_USERIMAGES_USE_EXT4 := true -BOARD_SYSTEMIMAGE_PARTITION_SIZE := 576716800 +BOARD_SYSTEMIMAGE_PARTITION_SIZE := 786432000 BOARD_USERDATAIMAGE_PARTITION_SIZE := 576716800 BOARD_CACHEIMAGE_PARTITION_SIZE := 69206016 BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4 diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts index 444a47f..d057dc3 100644 --- a/target/board/generic/sepolicy/file_contexts +++ b/target/board/generic/sepolicy/file_contexts @@ -1,8 +1,10 @@ /dev/block/mtdblock0 u:object_r:system_block_device:s0 /dev/block/mtdblock1 u:object_r:userdata_block_device:s0 /dev/block/mtdblock2 u:object_r:cache_block_device:s0 +/dev/goldfish_pipe u:object_r:qemu_device:s0 /dev/qemu_.* u:object_r:qemu_device:s0 /dev/socket/qemud u:object_r:qemud_socket:s0 +/dev/ttyGF[0-9]* u:object_r:serial_device:s0 /system/bin/qemud u:object_r:qemud_exec:s0 /sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0 /system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0 diff --git a/target/board/generic/sepolicy/goldfish_logcat.te b/target/board/generic/sepolicy/goldfish_logcat.te deleted file mode 100644 index a785355..0000000 --- a/target/board/generic/sepolicy/goldfish_logcat.te +++ /dev/null @@ -1,10 +0,0 @@ -# goldfish-logcat service: runs logcat -Q -type goldfish_logcat, domain; - -domain_auto_trans(init, logcat_exec, goldfish_logcat) - -# Read from logd. -read_logd(goldfish_logcat) - -# Write to /dev/ttyS2 -allow goldfish_logcat serial_device:chr_file { write open }; diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te index 584731e..3fb79e7 100644 --- a/target/board/generic/sepolicy/goldfish_setup.te +++ b/target/board/generic/sepolicy/goldfish_setup.te @@ -13,6 +13,12 @@ allow goldfish_setup self:capability { net_admin net_raw }; allow goldfish_setup self:udp_socket create_socket_perms; # Set net.eth0.dns*, debug.sf.nobootanimation -unix_socket_connect(goldfish_setup, property, init) -allow goldfish_setup system_prop:property_service set; -allow goldfish_setup debug_prop:property_service set; +set_prop(goldfish_setup, system_prop) +set_prop(goldfish_setup, debug_prop) + +# Set ro.radio.noril +set_prop(goldfish_setup, radio_noril_prop) + +# Stop ril-daemon service (by setting ctl.stop to ril-daemon, which +# transforms to a permission check on ctl.ril-daemon). +set_prop(goldfish_setup, ctl_rildaemon_prop) diff --git a/target/board/generic/sepolicy/init.te b/target/board/generic/sepolicy/init.te new file mode 100644 index 0000000..3aa81d1 --- /dev/null +++ b/target/board/generic/sepolicy/init.te @@ -0,0 +1 @@ +allow init tmpfs:lnk_file create_file_perms; diff --git a/target/board/generic/sepolicy/logd.te b/target/board/generic/sepolicy/logd.te new file mode 100644 index 0000000..b3e60d7 --- /dev/null +++ b/target/board/generic/sepolicy/logd.te @@ -0,0 +1,11 @@ +# goldfish logcat service: runs logcat -Q in logd domain + +# See global logd.te, these only set for eng & userdebug, allow for all builds + +domain_auto_trans(init, logcat_exec, logd) + +# Read from logd. +read_logd(logd) + +# Write to /dev/ttyS2 and /dev/ttyGF2. +allow logd serial_device:chr_file { write open }; diff --git a/target/board/generic/sepolicy/property.te b/target/board/generic/sepolicy/property.te index b3d15f8..b316d08 100644 --- a/target/board/generic/sepolicy/property.te +++ b/target/board/generic/sepolicy/property.te @@ -1 +1,2 @@ type qemu_prop, property_type; +type radio_noril_prop, property_type; diff --git a/target/board/generic/sepolicy/property_contexts b/target/board/generic/sepolicy/property_contexts index 5f741f8..09b9b06 100644 --- a/target/board/generic/sepolicy/property_contexts +++ b/target/board/generic/sepolicy/property_contexts @@ -1 +1,2 @@ qemu. u:object_r:qemu_prop:s0 +radio.noril u:object_r:radio_noril_prop:s0 diff --git a/target/board/generic/sepolicy/qemu_props.te b/target/board/generic/sepolicy/qemu_props.te index 05c7461..4a91c4c 100644 --- a/target/board/generic/sepolicy/qemu_props.te +++ b/target/board/generic/sepolicy/qemu_props.te @@ -5,5 +5,6 @@ type qemu_props_exec, exec_type, file_type; init_daemon_domain(qemu_props) # Set properties. -unix_socket_connect(qemu_props, property, init) -allow qemu_props { qemu_prop dalvik_prop config_prop }:property_service set; +set_prop(qemu_props, qemu_prop) +set_prop(qemu_props, dalvik_prop) +set_prop(qemu_props, config_prop) diff --git a/target/board/generic/sepolicy/qemud.te b/target/board/generic/sepolicy/qemud.te index 41f2065..eee21c4 100644 --- a/target/board/generic/sepolicy/qemud.te +++ b/target/board/generic/sepolicy/qemud.te @@ -4,5 +4,5 @@ type qemud_exec, exec_type, file_type; init_daemon_domain(qemud) -# Access /dev/ttyS1. +# Access /dev/ttyS1 and /dev/ttyGF1. allow qemud serial_device:chr_file rw_file_perms; |