author | Andreas Blaesius <skate4life@gmx.de> | 2015-07-18 17:59:44 +0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2015-07-31 11:18:17 -0700 |
commit | d9b58b74350bfa8ef34b5634d847097708bb0446 (patch) | |
tree | 20ef8f8b9133ba44da7b93fafaa36f0e13acb564 /sepolicy | |
parent | 1a5fa045b5cac4c39bc044d4c226ec9a3448116d (diff) | |
P31XX: Update SELinux Policies [2/2]
- Move common policies to omap4-common
- remove redundant seclabel in init.espresso.rc
- address some denials
Change-Id: I396215f3eb1316c3ba96e5eb98a03b98b77543fd
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/device.te | 3 | ||||
-rw-r--r-- | sepolicy/dock_kbd_attach.te | 8 | ||||
-rw-r--r-- | sepolicy/file.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 19 | ||||
-rw-r--r-- | sepolicy/geomagneticd.te | 11 | ||||
-rw-r--r-- | sepolicy/gpsd.te | 12 | ||||
-rw-r--r-- | sepolicy/orientationd.te | 8 | ||||
-rw-r--r-- | sepolicy/smc_pa.te | 8 |
8 files changed, 71 insertions, 0 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..d938e5e
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1,3 @@
+# Device types
+type dock_device, dev_type;
+type smc_device, dev_type;
diff --git a/sepolicy/dock_kbd_attach.te b/sepolicy/dock_kbd_attach.te
new file mode 100644
index 0000000..267763a
--- /dev/null
+++ b/sepolicy/dock_kbd_attach.te
@@ -0,0 +1,8 @@
+# dock_kbd_attach
+type dock_kbd_attach, domain;
+type dock_kbd_attach_exec, exec_type, file_type;
+
+init_daemon_domain(dock_kbd_attach)
+
+allow dock_kbd_attach dock_device:chr_file { open read write ioctl };
+allow dock_kbd_attach self:capability { sys_admin };
\ No newline at end of file
diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..ee55a50
--- /dev/null
+++ b/sepolicy/file.te
@@ -0,0 +1,2 @@
+# Filesystem types
+type sensor_data_file, file_type, data_file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..58bf32a
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,19 @@
+# Dock
+/dev/ttyO3 u:object_r:dock_device:s0
+/system/bin/dock_kbd_attach u:object_r:dock_kbd_attach_exec:s0
+
+# DRM
+/dev/tf_ctrl u:object_r:smc_device:s0
+/system/bin/smc_pa_ctrl u:object_r:smc_pa_exec:s0
+
+# EFS
+/dev/block/mmcblk0p1 u:object_r:efs_block_device:s0
+/dev/block/mmcblk0p8 u:object_r:efs_block_device:s0
+
+# GPS
+/system/bin/gpsd u:object_r:gpsd_exec:s0
+
+# Sensors
+/data/system/yas*.cfg u:object_r:sensor_data_file:s0
+/system/bin/geomagneticd u:object_r:geomagneticd_exec:s0
+/system/bin/orientationd u:object_r:orientationd_exec:s0
diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te
new file mode 100644
index 0000000..297dd33
--- /dev/null
+++ b/sepolicy/geomagneticd.te
@@ -0,0 +1,11 @@
+# geomagneticd
+type geomagneticd, domain;
+type geomagneticd_exec, exec_type, file_type;
+
+init_daemon_domain(geomagneticd)
+
+allow geomagneticd input_device:dir { search read open };
+allow geomagneticd self:process { execmem };
+allow geomagneticd sensor_data_file:dir { write add_name remove_name create };
+allow geomagneticd sensor_data_file:file { create open read write getattr setattr rename };
+allow geomagneticd sysfs:file { write };
diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te
new file mode 100644
index 0000000..cefe836
--- /dev/null
+++ b/sepolicy/gpsd.te
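Review bot: `allow dock_kbd_attach self:capability { sys_admin };` in dock_kbd_attach.te grants one of the broadest Linux capabilities to a daemon whose only other rule covers the dock serial node, and nothing in the file says which operation required it. If the denial came from a single privileged operation on `dock_device` (an assumption; the denial is not shown), record that next to the rule, e.g. `# sys_admin: needed for <operation from the logged denial> on dock_device`, so a later audit can tell whether it is still needed. The file also ends without a trailing newline, which is worth fixing because policy sources are typically concatenated when the policy is built.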
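Review bot: The `/data/system/yas*.cfg` entry in file_contexts is written like a shell glob, but file_contexts paths are regular expressions, so `s*` means "zero or more s" and the unescaped `.` matches any single character. As written it matches `/data/system/yas.cfg` but not a name with extra characters between `yas` and `.cfg`; if the intent is every yas-prefixed config file, use `/data/system/yas.*\.cfg u:object_r:sensor_data_file:s0`. These files also sit in a directory that this commit does not label `sensor_data_file`, so files the daemon creates at runtime would only get the label after a restorecon or through a type_transition, neither of which is visible here.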
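Review bot: `allow geomagneticd sysfs:file { write };` in geomagneticd.te lets the daemon write to every node that still carries the generic `sysfs` label, which is far more than the sensor attributes it presumably needs. Prefer a dedicated type for those nodes, labelled in file_contexts, and grant write on that type only. Separately, `self:process { execmem }` here (and the same rule in gpsd.te and orientationd.te) permits executable anonymous or writable private mappings with no stated reason; add a comment such as `# execmem: required by the prebuilt binary, see <denial or bug reference>`, or drop the rule if the denial no longer reproduces.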
@@ -0,0 +1,12 @@
+# gpsd - GPS daemon
+allow gpsd rild:unix_stream_socket { connectto };
+allow gpsd self:process { execmem };
+allow gpsd sysfs_wake_lock:file { read write };
+
+#Label with gps_data_file
+type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_jni";
+type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_gpsd";
+type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
+type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_gpsd";
+allow gpsd gps_data_file:fifo_file create_file_perms;
+allow gpsd gps_data_file:dir { add_name write };
diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te
new file mode 100644
index 0000000..934f075
--- /dev/null
+++ b/sepolicy/orientationd.te
@@ -0,0 +1,8 @@
+# orientationd
+type orientationd, domain;
+type orientationd_exec, exec_type, file_type;
+
+init_daemon_domain(orientationd)
+
+allow orientationd input_device:dir { search read open };
+allow orientationd self:process { execmem };
diff --git a/sepolicy/smc_pa.te b/sepolicy/smc_pa.te
new file mode 100644
index 0000000..de15f41
--- /dev/null
+++ b/sepolicy/smc_pa.te
@@ -0,0 +1,8 @@
+# smc_pa
+type smc_pa, domain;
+type smc_pa_exec, exec_type, file_type;
+
+init_daemon_domain(smc_pa)
+
+allow smc_pa self:capability { dac_override };
+allow smc_pa smc_device:chr_file { read write open ioctl }; |
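Review bot: The first two `type_transition gpsd system_data_file:dir gps_data_file "…"` rules in gpsd.te use class `dir` with the names `.gps.interface.pipe.to_jni` and `.gps.interface.pipe.to_gpsd`, which the next two rules treat as FIFOs. Unless gpsd really creates directories with those names, the `dir` transitions look like a copy of the `fifo_file` ones and can be removed, leaving only the transitions that are exercised. Unlike the other .te files in this commit, gpsd.te has no `type gpsd, domain;` declaration, so it relies on one made elsewhere (presumably the base or common policy); a one-line comment saying so would help readers.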
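Review bot: `allow smc_pa self:capability { dac_override };` in smc_pa.te lets the daemon bypass file permission checks altogether, which usually means the ownership or mode of something it opens is wrong rather than that the capability is needed. If the denial comes from opening the `smc_device` node (the denial is not shown in this commit), setting that node's owner and mode to match the user the service runs as would remove the need for the rule. If it has to stay, add a comment naming the path that triggered it, e.g. `# dac_override: <path from the denial> is not accessible to the service uid`.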