diff options
Diffstat (limited to 'sepolicy/cpboot-daemon.te')
| -rw-r--r-- | sepolicy/cpboot-daemon.te | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sepolicy/cpboot-daemon.te b/sepolicy/cpboot-daemon.te new file mode 100644 index 0000000..c1bea9d --- /dev/null +++ b/sepolicy/cpboot-daemon.te @@ -0,0 +1,16 @@ +allow cpboot-daemon cbd_device:chr_file create_file_perms; +allow cpboot-daemon cgroup:dir { create add_name }; +allow cpboot-daemon device:dir { write add_name }; +allow cpboot-daemon efs_file:file { read write open }; +allow cpboot-daemon efs_block_device:blk_file r_file_perms; +allow cpboot-daemon radio_device:chr_file rw_file_perms; +allow cpboot-daemon self:capability setuid; +allow cpboot-daemon { block_device efs_file }:dir search; + +# Talk to init over the property socket +unix_socket_connect(cpboot-daemon, property, init) + +allow cpboot-daemon radio_prop:property_service set; + +# neverallow failures - FIX ME if needed +# allow cpboot-daemon self:capability mknod; |