summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCaio Schnepper <caioschnepper@gmail.com>2015-08-29 00:31:10 -0300
committerGerrit Code Review <gerrit@cyanogenmod.org>2015-09-02 16:40:38 -0700
commit1c708f0110715d9e3712122204e55ee220c5ff69 (patch)
treec926faf89edfea2140fa0c1b02406d805df992b5
parent8cb3d6004acf2cb5cb87e4ee6b71465aa255a491 (diff)
downloaddevice_samsung_galaxys2-common-1c708f0110715d9e3712122204e55ee220c5ff69.zip
device_samsung_galaxys2-common-1c708f0110715d9e3712122204e55ee220c5ff69.tar.gz
device_samsung_galaxys2-common-1c708f0110715d9e3712122204e55ee220c5ff69.tar.bz2
sepolicy: Address SELinux denials
Change-Id: Ice8f2890fbade59d063097ac3ee3647f24e8d3ad
-rw-r--r--BoardCommonConfig.mk1
-rw-r--r--selinux/healthd.te1
-rw-r--r--selinux/system_server.te1
-rw-r--r--selinux/vold.te2
4 files changed, 4 insertions, 1 deletions
diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk
index fcd79df..8d6814c 100644
--- a/BoardCommonConfig.mk
+++ b/BoardCommonConfig.mk
@@ -162,6 +162,7 @@ BOARD_SEPOLICY_UNION += \
dumpstate.te \
file.te \
file_contexts \
+ healthd.te \
init.te \
kernel.te \
mediaserver.te \
diff --git a/selinux/healthd.te b/selinux/healthd.te
new file mode 100644
index 0000000..a7ec774
--- /dev/null
+++ b/selinux/healthd.te
@@ -0,0 +1 @@
+allow healthd device:dir r_dir_perms;
diff --git a/selinux/system_server.te b/selinux/system_server.te
index 970da27..5ae729d 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -3,3 +3,4 @@ allow system_server sysfs_display:file { read write getattr open };
allow system_server efs_file:dir { search };
allow system_server efs_file:file { read open write };
allow system_server efs_device_file:dir search;
+allow system_server fuse:dir search;
diff --git a/selinux/vold.te b/selinux/vold.te
index 7bf2310..b31b92d 100644
--- a/selinux/vold.te
+++ b/selinux/vold.te
@@ -1,3 +1,3 @@
allow vold sdcard_external:file rw_file_perms;
-allow vold efs_device_file:dir rw_file_perms;
+allow vold efs_device_file:dir rw_dir_perms;
allow vold efs_device_file:file rw_file_perms;