From c6c2070a9a2dff0c3aa17b1bbe97b84c70280a22 Mon Sep 17 00:00:00 2001
From: Andreas Blaesius
Date: Fri, 31 Jul 2015 11:50:02 -0700
Subject: P31XX: update SELinux Policy

Change-Id: I043758b0ddb617240824695136133c7f4f1f1673
Todo: for gps.te - Label with gps_data_file, somehow this doesn't get relabeled at the moment.
---
 sepolicy/geomagneticd.te | 1 +
 sepolicy/gpsd.te | 10 +++-------
 sepolicy/orientationd.te | 1 +
 sepolicy/sysinit.te | 2 ++
 4 files changed, 7 insertions(+), 7 deletions(-)
 create mode 100644 sepolicy/sysinit.te
(limited to 'sepolicy')
diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te
index 297dd33..fe1dd42 100644
--- a/sepolicy/geomagneticd.te
+++ b/sepolicy/geomagneticd.te
@@ -4,6 +4,7 @@ type geomagneticd_exec, exec_type, file_type;
 init_daemon_domain(geomagneticd)
+allow geomagneticd input_device:chr_file { read open ioctl };
 allow geomagneticd input_device:dir { search read open };
 allow geomagneticd self:process { execmem };
 allow geomagneticd sensor_data_file:dir { write add_name remove_name create };
diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te
index cefe836..6fabca6 100644
--- a/sepolicy/gpsd.te
+++ b/sepolicy/gpsd.te
@@ -3,10 +3,6 @@ allow gpsd rild:unix_stream_socket { connectto };
 allow gpsd self:process { execmem };
 allow gpsd sysfs_wake_lock:file { read write };
-#Label with gps_data_file
-type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_jni";
-type_transition gpsd system_data_file:dir gps_data_file ".gps.interface.pipe.to_gpsd";
-type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
-type_transition gpsd system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_gpsd";
-allow gpsd gps_data_file:fifo_file create_file_perms;
-allow gpsd gps_data_file:dir { add_name write };
+# TODO - Label with gps_data_file
+allow gpsd system_data_file:dir { write add_name };
+allow gpsd system_data_file:fifo_file { create setattr write open };
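Review bot: In sepolicy/geomagneticd.te the added `allow geomagneticd input_device:chr_file { read open ioctl };` is granted on the generic `input_device` type, which on Android normally labels every node under /dev/input, so the daemon could read touch and key events as well as its own sensor node. The orientationd.te hunk has the same issue and additionally grants `write` with no stated reason. Consider giving the sensor's event node a dedicated type in file_contexts (for example `/dev/input/<sensor event node> u:object_r:sensors_device:s0`, where the path is a placeholder) and granting the access on that type instead. If the node cannot be labelled reliably, at least add a comment such as `# magnetometer is exposed as an evdev node; TODO narrow to a dedicated device type`. Both files continue outside the hunks shown.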
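Review bot: In sepolicy/gpsd.te the replacement rules `allow gpsd system_data_file:dir { write add_name };` and `allow gpsd system_data_file:fifo_file { create setattr write open };` apply to every directory and FIFO carrying the generic `system_data_file` label, not only the two `.gps.interface.pipe.*` names the removed transitions targeted. That lets gpsd add entries in any such directory, and other domains that may write `system_data_file` FIFOs can now reach the GPS pipes. The TODO should record what is needed to retire the grant, for example `# TODO: temporary - gpsd creates .gps.interface.pipe.to_jni/.to_gpsd in a system_data_file dir; relabel that path as gps_data_file and drop both rules`. A file_contexts entry for the pipe directory, which is not visible in this hunk, would likely remove the need for a named transition altogether, provided the directory is created and relabelled before gpsd starts.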
diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te
index 934f075..672c473 100644
--- a/sepolicy/orientationd.te
+++ b/sepolicy/orientationd.te
@@ -4,5 +4,6 @@ type orientationd_exec, exec_type, file_type;
 init_daemon_domain(orientationd)
+allow orientationd input_device:chr_file { read write open ioctl };
 allow orientationd input_device:dir { search read open };
 allow orientationd self:process { execmem };
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
new file mode 100644
index 0000000..2907f73
--- /dev/null
+++ b/sepolicy/sysinit.te
@@ -0,0 +1,2 @@
+# sysinit
+allow sysinit surfaceflinger_exec:file { getattr };
-- cgit v1.1
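Review bot: The new sepolicy/sysinit.te uses the `sysinit` domain without declaring it, and its only comment, `# sysinit`, does not say why the domain needs `getattr` on `surfaceflinger_exec`. The type is presumably declared in another policy directory; if it is not, the policy will not compile, so a pointer to the declaring file would help. If the denial comes from a script that merely stats files under /system/bin, `dontaudit sysinit surfaceflinger_exec:file getattr;` would quiet the log without granting anything. Otherwise a comment such as `# <script name> stats surfaceflinger before <reason>` (placeholders) would document the need.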