From 491824c82435b9e22aa95da3e8a554956e3d74b6 Mon Sep 17 00:00:00 2001 From: Ziyan Date: Fri, 4 Mar 2016 03:48:25 +0100 Subject: libsensors: fix selinux denials Moved geomagneticd calibration data to /data/sensors to allow relabeling it. Change-Id: Ibe596b5903aa309f862a568b9876e79acaff5d19 --- libsensors/geomagneticd/geomagneticd.h | 4 ++-- rootdir/etc/init.tab2.rc | 3 +++ sepolicy/file.te | 2 +- sepolicy/file_contexts | 2 +- sepolicy/geomagneticd.te | 17 +++++++++++------ sepolicy/orientationd.te | 6 +++--- 6 files changed, 21 insertions(+), 13 deletions(-) diff --git a/libsensors/geomagneticd/geomagneticd.h b/libsensors/geomagneticd/geomagneticd.h index 72afbc4..71f9dcb 100644 --- a/libsensors/geomagneticd/geomagneticd.h +++ b/libsensors/geomagneticd/geomagneticd.h @@ -27,8 +27,8 @@ #ifndef _GEOMAGNETICD_H_ #define _GEOMAGNETICD_H_ -#define GEOMAGNETICD_CONFIG_PATH "/data/system/yas.cfg" -#define GEOMAGNETICD_CONFIG_BACKUP_PATH "/data/system/yas-backup.cfg" +#define GEOMAGNETICD_CONFIG_PATH "/data/sensors/yas.cfg" +#define GEOMAGNETICD_CONFIG_BACKUP_PATH "/data/sensors/yas-backup.cfg" struct geomagneticd_data { int magnetic_extrema[2][3]; diff --git a/rootdir/etc/init.tab2.rc b/rootdir/etc/init.tab2.rc index e23e5c3..fb87c16 100644 --- a/rootdir/etc/init.tab2.rc +++ b/rootdir/etc/init.tab2.rc @@ -57,6 +57,9 @@ on post-fs-data mkdir /data/misc/wifi 0770 wifi system mkdir /data/misc/wifi/sockets 0770 wifi wifi + # sensors + mkdir /data/sensors 0770 system system + # dmrpc mkdir /data/smc 0770 drmrpc drmrpc chown drmrpc drmrpc /data/smc/counter.bin diff --git a/sepolicy/file.te b/sepolicy/file.te index 62633e5..bb32694 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -1,3 +1,3 @@ # Filesystem types -type sensor_data_file, file_type, data_file_type; +type sensors_data_file, file_type, data_file_type; type firmware_ducati, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 8d9d1dd..2161cde 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -14,7 +14,7 @@ /system/bin/gpsd u:object_r:gpsd_exec:s0 # Sensors -/data/system/yas*.cfg u:object_r:sensor_data_file:s0 +/data/sensors(/.*)? u:object_r:sensors_data_file:s0 /system/bin/geomagneticd u:object_r:geomagneticd_exec:s0 /system/bin/orientationd u:object_r:orientationd_exec:s0 diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te index fe1dd42..ddfa01e 100644 --- a/sepolicy/geomagneticd.te +++ b/sepolicy/geomagneticd.te @@ -4,9 +4,14 @@ type geomagneticd_exec, exec_type, file_type; init_daemon_domain(geomagneticd) -allow geomagneticd input_device:chr_file { read open ioctl }; -allow geomagneticd input_device:dir { search read open }; -allow geomagneticd self:process { execmem }; -allow geomagneticd sensor_data_file:dir { write add_name remove_name create }; -allow geomagneticd sensor_data_file:file { create open read write getattr setattr rename }; -allow geomagneticd sysfs:file { write }; +# the sensor is an input device +allow geomagneticd input_device:chr_file rw_file_perms; +allow geomagneticd input_device:dir r_dir_perms; + +# store/read calibration data +allow geomagneticd sensors_data_file:dir w_dir_perms; +allow geomagneticd sensors_data_file:file create_file_perms; + +# read/write calibration offsets +# TODO: create own label +allow geomagneticd sysfs:file write; diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te index 672c473..9db61a5 100644 --- a/sepolicy/orientationd.te +++ b/sepolicy/orientationd.te @@ -4,6 +4,6 @@ type orientationd_exec, exec_type, file_type; init_daemon_domain(orientationd) -allow orientationd input_device:chr_file { read write open ioctl }; -allow orientationd input_device:dir { search read open }; -allow orientationd self:process { execmem }; +# the sensor is an input device +allow orientationd input_device:chr_file rw_file_perms; +allow orientationd input_device:dir r_dir_perms; -- cgit v1.1