From b8ca62b6e31bed24dd9f8e3162020d1de33b53d9 Mon Sep 17 00:00:00 2001
From: Andreas Blaesius
Date: Sat, 29 Oct 2016 16:39:13 +0200
Subject: sepolicy: move custom policy into own subdir
Change-Id: I1fe5e299159d206c9206452cfc490e81c2cc21b9
---
 BoardConfigCM.mk | 4 ++++
 sepolicy-custom/file_contexts | 2 ++
 sepolicy-custom/property.te | 3 +++
 sepolicy-custom/property_contexts | 2 ++
 sepolicy-custom/variant_setup.te | 21 +++++++++++++++++++++
 sepolicy/file_contexts | 3 ---
 sepolicy/property.te | 3 ---
 sepolicy/property_contexts | 2 --
 sepolicy/variant_setup.te | 21 ---------------------
 9 files changed, 32 insertions(+), 29 deletions(-)
 create mode 100644 sepolicy-custom/file_contexts
 create mode 100644 sepolicy-custom/property.te
 create mode 100644 sepolicy-custom/property_contexts
 create mode 100644 sepolicy-custom/variant_setup.te
 delete mode 100644 sepolicy/property.te
 delete mode 100644 sepolicy/property_contexts
 delete mode 100644 sepolicy/variant_setup.te
diff --git a/BoardConfigCM.mk b/BoardConfigCM.mk
index e36c6f3..4da4670 100644
--- a/BoardConfigCM.mk
+++ b/BoardConfigCM.mk
@@ -10,3 +10,7 @@ TARGET_PROVIDES_LIBLIGHT := true
 # Recovery
 TARGET_RECOVERY_DEVICE_DIRS += device/samsung/espressowifi
 BOARD_HAS_DOWNLOAD_MODE := true
+
+# SELinux
+BOARD_SEPOLICY_DIRS += \
+ device/samsung/espressowifi/sepolicy-custom
diff --git a/sepolicy-custom/file_contexts b/sepolicy-custom/file_contexts
new file mode 100644
index 0000000..d32d657
--- /dev/null
+++ b/sepolicy-custom/file_contexts
@@ -0,0 +1,2 @@
+# variant setup
+/system/bin/init\.espresso\.variant\.sh u:object_r:variant_setup_exec:s0
diff --git a/sepolicy-custom/property.te b/sepolicy-custom/property.te
new file mode 100644
index 0000000..a6ba71b
--- /dev/null
+++ b/sepolicy-custom/property.te
@@ -0,0 +1,3 @@
+# hwrotation prop need a own type to be set on init.espreso.variants.sh,
+# else it would conflict with a neverallow rule
+type rotation_prop, property_type;
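Review bot: The comment added in `sepolicy-custom/property.te` names the script `init.espreso.variants.sh`, but the `file_contexts` entry in this same commit labels `init\.espresso\.variant\.sh`; the comment in `sepolicy-custom/property_contexts` has the same misspelling. Since the files are re-created here anyway, the comments could be corrected so a search for the script name finds every rule tied to it, e.g. `# hwrotation prop needs its own type so init.espresso.variant.sh can set it,` followed by `# else it would conflict with a neverallow rule`. Naming the neverallow rule in question would also let a later reader judge whether the dedicated `rotation_prop` type is still required.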
diff --git a/sepolicy-custom/property_contexts b/sepolicy-custom/property_contexts
new file mode 100644
index 0000000..69ad081
--- /dev/null
+++ b/sepolicy-custom/property_contexts
@@ -0,0 +1,2 @@
+# label hwrotation prop to set it on init.espreso.variants.sh
+sf.hwrotation u:object_r:rotation_prop:s0
diff --git a/sepolicy-custom/variant_setup.te b/sepolicy-custom/variant_setup.te
new file mode 100644
index 0000000..b4072ca
--- /dev/null
+++ b/sepolicy-custom/variant_setup.te
@@ -0,0 +1,21 @@
+# Variant-Setup script (init.espresso.variant.sh)
+type variant_setup, domain;
+type variant_setup_exec, exec_type, file_type;
+
+init_daemon_domain(variant_setup)
+
+# Run init.espresso.variant.sh
+allow variant_setup shell_exec:file rx_file_perms;
+allow variant_setup variant_setup_exec:file rx_file_perms;
+
+# Talk to init over the property socket
+unix_socket_connect(variant_setup, property, init)
+
+# Allow getprop/setprop for init.espresso.variant.sh
+allow variant_setup system_file:file execute_no_trans;
+allow variant_setup rotation_prop:property_service set;
+
+# Set accelerometer and geomagnetic position via sysfs
+allow variant_setup sysfs:file write;
+
+allow variant_setup self:capability dac_override;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 130d760..2e67789 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -28,9 +28,6 @@
 # Firmwares
 /system/vendor/firmware/ducati-m3.bin u:object_r:firmware_ducati:s0
-# variant setup
-/system/bin/init\.espresso\.variant\.sh u:object_r:variant_setup_exec:s0
-
 # Block devices
 /dev/block/mmcblk0 u:object_r:root_block_device:s0
 /dev/block/platform/omap/omap_hsmmc.1/by-name/EFS u:object_r:efs_block_device:s0
diff --git a/sepolicy/property.te b/sepolicy/property.te
deleted file mode 100644
index a6ba71b..0000000
--- a/sepolicy/property.te
+++ /dev/null
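Review bot: In `sepolicy-custom/variant_setup.te`, `allow variant_setup sysfs:file write;` grants write on every file carrying the generic `sysfs` label, which is much wider than the accelerometer and geomagnetic position nodes the comment above it names. A dedicated type for just those nodes would keep the domain least-privilege: declare `type sysfs_sensor_position, fs_type, sysfs_type;` (name illustrative), label `<SENSOR_POSITION_SYSFS_PATH>` with it in `file_contexts`, and replace the rule with `allow variant_setup sysfs_sensor_position:file w_file_perms;`. The final rule, `allow variant_setup self:capability dac_override;`, carries no comment although it lets the script bypass file mode checks. It is presumably needed only because of the ownership or mode of those sysfs nodes, so correcting that from init and dropping the capability would be tighter; at minimum add a comment such as `# dac_override: needed to write <node>, owned by <owner>` stating why it is required.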
@@ -1,3 +0,0 @@
-# hwrotation prop need a own type to be set on init.espreso.variants.sh,
-# else it would conflict with a neverallow rule
-type rotation_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
deleted file mode 100644
index 69ad081..0000000
--- a/sepolicy/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# label hwrotation prop to set it on init.espreso.variants.sh
-sf.hwrotation u:object_r:rotation_prop:s0
diff --git a/sepolicy/variant_setup.te b/sepolicy/variant_setup.te
deleted file mode 100644
index b4072ca..0000000
--- a/sepolicy/variant_setup.te
+++ /dev/null
@@ -1,21 +0,0 @@
-# Variant-Setup script (init.espresso.variant.sh)
-type variant_setup, domain;
-type variant_setup_exec, exec_type, file_type;
-
-init_daemon_domain(variant_setup)
-
-# Run init.espresso.variant.sh
-allow variant_setup shell_exec:file rx_file_perms;
-allow variant_setup variant_setup_exec:file rx_file_perms;
-
-# Talk to init over the property socket
-unix_socket_connect(variant_setup, property, init)
-
-# Allow getprop/setprop for init.espresso.variant.sh
-allow variant_setup system_file:file execute_no_trans;
-allow variant_setup rotation_prop:property_service set;
-
-# Set accelerometer and geomagnetic position via sysfs
-allow variant_setup sysfs:file write;
-
-allow variant_setup self:capability dac_override;
--
cgit v1.1