diff options
| author | Andreas Blaesius <skate4life@gmx.de> | 2015-07-31 11:50:02 -0700 |
|---|---|---|
| committer | Andreas Blaesius <skate4life@gmx.de> | 2015-07-31 11:52:08 -0700 |
| commit | c6c2070a9a2dff0c3aa17b1bbe97b84c70280a22 (patch) | |
| tree | b7fb6fe521f78ef5ae6c23c6f0cba43d4cf52583 | |
| parent | d9b58b74350bfa8ef34b5634d847097708bb0446 (diff) | |
| download | device_samsung_espressowifi-c6c2070a9a2dff0c3aa17b1bbe97b84c70280a22.zip device_samsung_espressowifi-c6c2070a9a2dff0c3aa17b1bbe97b84c70280a22.tar.gz device_samsung_espressowifi-c6c2070a9a2dff0c3aa17b1bbe97b84c70280a22.tar.bz2 | |
P31XX: update SELinux Policy
Change-Id: I043758b0ddb617240824695136133c7f4f1f1673
Todo: for gps.te - Label with gps_data_file, somehow this doesn't get relabeled at the moment.
| -rw-r--r-- | BoardConfigCommon.mk | 3 | ||||
| -rw-r--r-- | sepolicy/geomagneticd.te | 1 | ||||
| -rw-r--r-- | sepolicy/gpsd.te | 10 | ||||
| -rw-r--r-- | sepolicy/orientationd.te | 1 | ||||
| -rw-r--r-- | sepolicy/sysinit.te | 2 |
5 files changed, 9 insertions, 8 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 64cf46a..4d2c5b0 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -102,7 +102,8 @@ BOARD_SEPOLICY_UNION += \ geomagneticd.te \ orientationd.te \ gpsd.te \ - smc_pa.te + smc_pa.te \ + sysinit.te # Recovery TARGET_RECOVERY_PIXEL_FORMAT := "BGRA_8888" diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te index 297dd33..fe1dd42 100644 --- a/sepolicy/geomagneticd.te +++ b/sepolicy/geomagneticd.te @@ -4,6 +4,7 @@ type geomagneticd_exec, exec_type, file_type; init_daemon_domain(geomagneticd) +allow geomagneticd input_device:chr_file { read open ioctl }; allow geomagneticd input_device:dir { search read open }; allow geomagneticd self:process { execmem }; allow geomagneticd sensor_data_file:dir { write add_name remove_name create }; diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te index cefe836..6fabca6 100644 --- a/sepolicy/gpsd.te +++ b/sepolicy/gpsd.te @@ -3,10 +3,6 @@ allow gpsd rild:unix_stream_socket { connectto }; allow gpsd self:process { execmem }; allow gpsd sysfs_wake_lock:file { read write }; -#Label with gps_data_file -type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_jni"; -type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_gpsd"; -type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni"; -type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_gpsd"; -allow gpsd gps_data_file:fifo_file create_file_perms; -allow gpsd gps_data_file:dir { add_name write }; +# TODO - Label with gps_data_file +allow gpsd system_data_file:dir { write add_name }; +allow gpsd system_data_file:fifo_file { create setattr write open }; diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te index 934f075..672c473 100644 --- a/sepolicy/orientationd.te +++ b/sepolicy/orientationd.te @@ -4,5 +4,6 @@ type orientationd_exec, exec_type, file_type; init_daemon_domain(orientationd) +allow orientationd input_device:chr_file { read write open ioctl }; allow orientationd input_device:dir { search read open }; allow orientationd self:process { execmem }; diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te new file mode 100644 index 0000000..2907f73 --- /dev/null +++ b/sepolicy/sysinit.te @@ -0,0 +1,2 @@ +# sysinit +allow sysinit surfaceflinger_exec:file { getattr }; |