diff options
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/file.te | 2 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/geomagneticd.te | 17 | ||||
| -rw-r--r-- | sepolicy/orientationd.te | 6 |
4 files changed, 16 insertions, 11 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te index 62633e5..bb32694 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -1,3 +1,3 @@ # Filesystem types -type sensor_data_file, file_type, data_file_type; +type sensors_data_file, file_type, data_file_type; type firmware_ducati, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 8d9d1dd..2161cde 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -14,7 +14,7 @@ /system/bin/gpsd u:object_r:gpsd_exec:s0 # Sensors -/data/system/yas*.cfg u:object_r:sensor_data_file:s0 +/data/sensors(/.*)? u:object_r:sensors_data_file:s0 /system/bin/geomagneticd u:object_r:geomagneticd_exec:s0 /system/bin/orientationd u:object_r:orientationd_exec:s0 diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te index fe1dd42..ddfa01e 100644 --- a/sepolicy/geomagneticd.te +++ b/sepolicy/geomagneticd.te @@ -4,9 +4,14 @@ type geomagneticd_exec, exec_type, file_type; init_daemon_domain(geomagneticd) -allow geomagneticd input_device:chr_file { read open ioctl }; -allow geomagneticd input_device:dir { search read open }; -allow geomagneticd self:process { execmem }; -allow geomagneticd sensor_data_file:dir { write add_name remove_name create }; -allow geomagneticd sensor_data_file:file { create open read write getattr setattr rename }; -allow geomagneticd sysfs:file { write }; +# the sensor is an input device +allow geomagneticd input_device:chr_file rw_file_perms; +allow geomagneticd input_device:dir r_dir_perms; + +# store/read calibration data +allow geomagneticd sensors_data_file:dir w_dir_perms; +allow geomagneticd sensors_data_file:file create_file_perms; + +# read/write calibration offsets +# TODO: create own label +allow geomagneticd sysfs:file write; diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te index 672c473..9db61a5 100644 --- a/sepolicy/orientationd.te +++ b/sepolicy/orientationd.te @@ -4,6 +4,6 @@ type orientationd_exec, exec_type, file_type; init_daemon_domain(orientationd) -allow orientationd input_device:chr_file { read write open ioctl }; -allow orientationd input_device:dir { search read open }; -allow orientationd self:process { execmem }; +# the sensor is an input device +allow orientationd input_device:chr_file rw_file_perms; +allow orientationd input_device:dir r_dir_perms; |