diff options
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/dock_kbd_attach.te | 5 | ||||
| -rw-r--r-- | selinux/domain.te | 2 | ||||
| -rw-r--r-- | selinux/file_contexts | 10 | ||||
| -rw-r--r-- | selinux/geomagneticd.te | 5 | ||||
| -rw-r--r-- | selinux/gpsd.te | 6 | ||||
| -rw-r--r-- | selinux/init.te | 5 | ||||
| -rw-r--r-- | selinux/orientationd.te | 5 | ||||
| -rw-r--r-- | selinux/pvrsrvinit.te | 2 | ||||
| -rw-r--r-- | selinux/smc_pa.te | 5 |
9 files changed, 43 insertions, 2 deletions
diff --git a/selinux/dock_kbd_attach.te b/selinux/dock_kbd_attach.te new file mode 100644 index 0000000..4858f15 --- /dev/null +++ b/selinux/dock_kbd_attach.te @@ -0,0 +1,5 @@ +# dock_kbd_attach +type dock_kbd_attach, domain; +type dock_kbd_attach_exec, exec_type, file_type; + +init_daemon_domain(dock_kbd_attach) diff --git a/selinux/domain.te b/selinux/domain.te index ebb4d8b..98b0e6b 100644 --- a/selinux/domain.te +++ b/selinux/domain.te @@ -1,5 +1,5 @@ ## Pvrsrvinit -allow domain powervr_device:chr_file rw_file_perms; +# allow domain powervr_device:chr_file rw_file_perms; ## Firmwares allow ueventd { firmware_ducati }:file r_file_perms; diff --git a/selinux/file_contexts b/selinux/file_contexts index c928bb0..6027ea4 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -16,14 +16,22 @@ # GPS /dev/ttyO0 u:object_r:gps_device:s0 +/system/bin/gpsd u:object_r:gpsd_exec:s0 + +# Sensors +/system/bin/geomagneticd u:object_r:geomagneticd_exec:s0 +/system/bin/orientationd u:object_r:orientationd_exec:s0 # Wifi /dev/rfkill u:object_r:rfkill_device:s0 /efs/wifi/.mac.info u:object_r:wifi_data_file:s0 # System binaries -/system/vendor/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0 +/system/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0 /system/vendor/bin/pvrsrvctl_SGX540_120 u:object_r:pvrsrvinit_exec:s0 +/system/bin/dock_kbd_attach u:object_r:dock_kbd_attach_exec:s0 +/system/bin/smc_pa_ctrl u:object_r:smc_pa_exec:s0 + # Firmwares /system/vendor/firmware/ducati-m3.bin u:object_r:firmware_ducati:s0 diff --git a/selinux/geomagneticd.te b/selinux/geomagneticd.te new file mode 100644 index 0000000..c286497 --- /dev/null +++ b/selinux/geomagneticd.te @@ -0,0 +1,5 @@ +# geomagneticd +type geomagneticd, domain; +type geomagneticd_exec, exec_type, file_type; + +init_daemon_domain(geomagneticd) diff --git a/selinux/gpsd.te b/selinux/gpsd.te new file mode 100644 index 0000000..36b93fb --- /dev/null +++ b/selinux/gpsd.te @@ -0,0 +1,6 @@ +# gpsd - GPS daemon +type gpsd, domain; +type gpsd_exec, exec_type, file_type; + +init_daemon_domain(gpsd) +net_domain(gpsd) diff --git a/selinux/init.te b/selinux/init.te new file mode 100644 index 0000000..23a3621 --- /dev/null +++ b/selinux/init.te @@ -0,0 +1,5 @@ +#init + +allow init self:process execmem; +allow init self:capability sys_module; + diff --git a/selinux/orientationd.te b/selinux/orientationd.te new file mode 100644 index 0000000..284b0cb --- /dev/null +++ b/selinux/orientationd.te @@ -0,0 +1,5 @@ +# orientationd +type orientationd, domain; +type orientationd_exec, exec_type, file_type; + +init_daemon_domain(orientationd) diff --git a/selinux/pvrsrvinit.te b/selinux/pvrsrvinit.te index d35bac9..ae1ee0b 100644 --- a/selinux/pvrsrvinit.te +++ b/selinux/pvrsrvinit.te @@ -11,3 +11,5 @@ allow pvrsrvinit shell_exec:file rx_file_perms; allow pvrsrvinit pvrsrvinit_exec:file rx_file_perms; allow pvrsrvinit property_socket:sock_file write; allow pvrsrvinit init:unix_stream_socket connectto; +allow pvrsrvinit block_device:dir search; +allow pvrsrvinit gpu_device:chr_file { read write ioctl open }; diff --git a/selinux/smc_pa.te b/selinux/smc_pa.te new file mode 100644 index 0000000..b836ec6 --- /dev/null +++ b/selinux/smc_pa.te @@ -0,0 +1,5 @@ +# smc_pa +type smc_pa, domain; +type smc_pa_exec, exec_type, file_type; + +init_daemon_domain(smc_pa) |