From 491824c82435b9e22aa95da3e8a554956e3d74b6 Mon Sep 17 00:00:00 2001
From: Ziyan
Date: Fri, 4 Mar 2016 03:48:25 +0100
Subject: libsensors: fix selinux denials

Moved geomagneticd calibration data to /data/sensors to allow relabeling it.
Change-Id: Ibe596b5903aa309f862a568b9876e79acaff5d19
---
 sepolicy/file.te | 2 +-
 sepolicy/file_contexts | 2 +-
 sepolicy/geomagneticd.te | 17 +++++++++++------
 sepolicy/orientationd.te | 6 +++---
 4 files changed, 16 insertions(+), 11 deletions(-)
(limited to 'sepolicy')
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 62633e5..bb32694 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,3 +1,3 @@
 # Filesystem types
-type sensor_data_file, file_type, data_file_type;
+type sensors_data_file, file_type, data_file_type;
 type firmware_ducati, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 8d9d1dd..2161cde 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -14,7 +14,7 @@
 /system/bin/gpsd u:object_r:gpsd_exec:s0
 # Sensors
-/data/system/yas*.cfg u:object_r:sensor_data_file:s0
+/data/sensors(/.*)? u:object_r:sensors_data_file:s0
 /system/bin/geomagneticd u:object_r:geomagneticd_exec:s0
 /system/bin/orientationd u:object_r:orientationd_exec:s0
diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te
index fe1dd42..ddfa01e 100644
--- a/sepolicy/geomagneticd.te
+++ b/sepolicy/geomagneticd.te
@@ -4,9 +4,14 @@ type geomagneticd_exec, exec_type, file_type;
 init_daemon_domain(geomagneticd)
-allow geomagneticd input_device:chr_file { read open ioctl };
-allow geomagneticd input_device:dir { search read open };
-allow geomagneticd self:process { execmem };
-allow geomagneticd sensor_data_file:dir { write add_name remove_name create };
-allow geomagneticd sensor_data_file:file { create open read write getattr setattr rename };
-allow geomagneticd sysfs:file { write };
+# the sensor is an input device
+allow geomagneticd input_device:chr_file rw_file_perms;
+allow geomagneticd input_device:dir r_dir_perms;
+
+# store/read calibration data
+allow geomagneticd sensors_data_file:dir w_dir_perms;
+allow geomagneticd sensors_data_file:file create_file_perms;
+
+# read/write calibration offsets
+# TODO: create own label
+allow geomagneticd sysfs:file write;
diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te
index 672c473..9db61a5 100644
--- a/sepolicy/orientationd.te
+++ b/sepolicy/orientationd.te
@@ -4,6 +4,6 @@ type orientationd_exec, exec_type, file_type;
 init_daemon_domain(orientationd)
-allow orientationd input_device:chr_file { read write open ioctl };
-allow orientationd input_device:dir { search read open };
-allow orientationd self:process { execmem };
+# the sensor is an input device
+allow orientationd input_device:chr_file rw_file_perms;
+allow orientationd input_device:dir r_dir_perms;
-- cgit v1.1
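Review bot: In the geomagneticd.te hunk, the new `allow geomagneticd input_device:chr_file rw_file_perms;` grants write and append on every node labelled input_device, where the rule it replaces allowed only read, open and ioctl. Unless the denials being fixed included a write from geomagneticd, which the commit message does not say, the read-only macro keeps the daemon to least privilege: `allow geomagneticd input_device:chr_file r_file_perms;`. orientationd.te uses the same macro, but its old rule already had write, so as AOSP's global_macros defines it only getattr, append and lock are new there. The comment `# read/write calibration offsets` also overstates the sysfs rule beneath it, which grants write only; `# write calibration offsets` would match the rule.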