Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/device.te | 3 | ||||
-rw-r--r-- | sepolicy/dock_kbd_attach.te | 8 | ||||
-rw-r--r-- | sepolicy/file.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 19 | ||||
-rw-r--r-- | sepolicy/geomagneticd.te | 11 | ||||
-rw-r--r-- | sepolicy/gpsd.te | 12 | ||||
-rw-r--r-- | sepolicy/orientationd.te | 8 | ||||
-rw-r--r-- | sepolicy/smc_pa.te | 8 |
8 files changed, 71 insertions, 0 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..d938e5e
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1,3 @@
+# Device types
+type dock_device, dev_type;
+type smc_device, dev_type;
diff --git a/sepolicy/dock_kbd_attach.te b/sepolicy/dock_kbd_attach.te
new file mode 100644
index 0000000..267763a
--- /dev/null
+++ b/sepolicy/dock_kbd_attach.te
@@ -0,0 +1,8 @@
+# dock_kbd_attach
+type dock_kbd_attach, domain;
+type dock_kbd_attach_exec, exec_type, file_type;
+
+init_daemon_domain(dock_kbd_attach)
+
+allow dock_kbd_attach dock_device:chr_file { open read write ioctl };
+allow dock_kbd_attach self:capability { sys_admin };
\ No newline at end of file
diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..ee55a50
--- /dev/null
+++ b/sepolicy/file.te
@@ -0,0 +1,2 @@
+# Filesystem types
+type sensor_data_file, file_type, data_file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..58bf32a
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,19 @@
+# Dock
+/dev/ttyO3 u:object_r:dock_device:s0
+/system/bin/dock_kbd_attach u:object_r:dock_kbd_attach_exec:s0
+
+# DRM
+/dev/tf_ctrl u:object_r:smc_device:s0
+/system/bin/smc_pa_ctrl u:object_r:smc_pa_exec:s0
+
+# EFS
+/dev/block/mmcblk0p1 u:object_r:efs_block_device:s0
+/dev/block/mmcblk0p8 u:object_r:efs_block_device:s0
+
+# GPS
+/system/bin/gpsd u:object_r:gpsd_exec:s0
+
+# Sensors
+/data/system/yas*.cfg u:object_r:sensor_data_file:s0
+/system/bin/geomagneticd u:object_r:geomagneticd_exec:s0
+/system/bin/orientationd u:object_r:orientationd_exec:s0
diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te
new file mode 100644
index 0000000..297dd33
--- /dev/null
+++ b/sepolicy/geomagneticd.te
@@ -0,0 +1,11 @@
+# geomagneticd
+type geomagneticd, domain;
+type geomagneticd_exec, exec_type, file_type;
+
+init_daemon_domain(geomagneticd)
+
+allow geomagneticd input_device:dir { search read open };
+allow geomagneticd self:process { execmem };
+allow geomagneticd sensor_data_file:dir { write add_name remove_name create };
+allow geomagneticd sensor_data_file:file { create open read write getattr setattr rename };
+allow geomagneticd sysfs:file { write };
diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te
new file mode 100644
index 0000000..cefe836
--- /dev/null
+++ b/sepolicy/gpsd.te
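Review bot: In sepolicy/dock_kbd_attach.te the `sys_admin` grant on the last rule is the broadest capability the kernel offers, and the policy gives no reason for it. If it is only needed so the daemon can attach a line discipline on the dock serial port (an assumption, since the daemon source is not shown), record that in a comment such as `# sys_admin: needed to set the serio line discipline on the dock tty`, so a later audit can tell the grant is deliberate. The file also ends without a trailing newline.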
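Review bot: The sensors entry `/data/system/yas*.cfg` in sepolicy/file_contexts is written as a shell glob, but file_contexts paths are regular expressions. There `s*` means zero or more `s` and `.` matches any single character, so a name such as yas530.cfg (constructed example) would not match and the file would keep its default label. `/data/system/yas.*\.cfg u:object_r:sensor_data_file:s0` expresses the intended pattern. `efs_block_device` is used in this file but not declared anywhere in this commit, so confirm it is defined elsewhere in the tree.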
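Review bot: `allow geomagneticd sysfs:file { write };` in sepolicy/geomagneticd.te lets the daemon write any sysfs node that still carries the generic `sysfs` label, which is far more than a sensor daemon should need. Giving the sensor's sysfs attributes their own type in file.te and file_contexts, and granting write on that type only, keeps the rule scoped to the device. The `sensor_data_file:dir` rule also has no directory labelled with that type in this commit's file_contexts, so it may never match. The `execmem` grants here and in gpsd.te and orientationd.te would benefit from a comment naming the library that needs executable anonymous memory.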
@@ -0,0 +1,12 @@
+# gpsd - GPS daemon
+allow gpsd rild:unix_stream_socket { connectto };
+allow gpsd self:process { execmem };
+allow gpsd sysfs_wake_lock:file { read write };
+
+#Label with gps_data_file
+type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_jni";
+type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_gpsd";
+type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
+type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_gpsd";
+allow gpsd gps_data_file:fifo_file create_file_perms;
+allow gpsd gps_data_file:dir { add_name write };
diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te
new file mode 100644
index 0000000..934f075
--- /dev/null
+++ b/sepolicy/orientationd.te
@@ -0,0 +1,8 @@
+# orientationd
+type orientationd, domain;
+type orientationd_exec, exec_type, file_type;
+
+init_daemon_domain(orientationd)
+
+allow orientationd input_device:dir { search read open };
+allow orientationd self:process { execmem };
diff --git a/sepolicy/smc_pa.te b/sepolicy/smc_pa.te
new file mode 100644
index 0000000..de15f41
--- /dev/null
+++ b/sepolicy/smc_pa.te
@@ -0,0 +1,8 @@
+# smc_pa
+type smc_pa, domain;
+type smc_pa_exec, exec_type, file_type;
+
+init_daemon_domain(smc_pa)
+
+allow smc_pa self:capability { dac_override };
+allow smc_pa smc_device:chr_file { read write open ioctl }; |
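Review bot: The two `type_transition gpsd system_data_file:dir gps_data_file ...` lines in sepolicy/gpsd.te apply only when gpsd creates a directory with those names. The names are the pipes already covered by the `fifo_file` transitions that follow, so the `:dir` pair looks redundant. The transitions also name `system_data_file` as the parent directory type, while `add_name write` is granted on `gps_data_file:dir`; check which directory the pipes are really created in so the grant lands on the right type. The comment could state the intent more fully, e.g. `# Label the gpsd <-> JNI FIFOs as gps_data_file when they are created`.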
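Review bot: `allow smc_pa self:capability { dac_override };` in sepolicy/smc_pa.te lets the daemon ignore file mode and ownership checks on everything its type-enforcement rules reach. A dac_override denial usually means the process uid/gid does not match the files it opens. That is better fixed by correcting the service's user and group, or the file ownership, than by granting the capability. If the grant has to stay, add a comment naming what needs it, e.g. `# dac_override: <path the daemon cannot open as its own uid>`.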