diff options
| author | Daniel Hillenbrand <codeworkx@cyanogenmod.org> | 2013-08-11 16:23:09 +0200 |
|---|---|---|
| committer | Daniel Hillenbrand <codeworkx@cyanogenmod.org> | 2013-08-11 16:28:40 +0200 |
| commit | 279859988403de649091978b0bff52bce153fd29 (patch) | |
| tree | 47a0266633f0c309cd73ecc76216bcb26fea091d /selinux | |
| parent | 7c04adc7ab07eba7ee0bf32dab80c5c486d9ee04 (diff) | |
| download | device_samsung_galaxys2-common-279859988403de649091978b0bff52bce153fd29.zip device_samsung_galaxys2-common-279859988403de649091978b0bff52bce153fd29.tar.gz device_samsung_galaxys2-common-279859988403de649091978b0bff52bce153fd29.tar.bz2 | |
galaxys2: add selinux policies
Change-Id: I52a914da94f5c331b4928cb2e79d8fa5a0c0c41c
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/device.te | 3 | ||||
| -rw-r--r-- | selinux/domain.te | 8 | ||||
| -rw-r--r-- | selinux/file.te | 2 | ||||
| -rw-r--r-- | selinux/file_contexts | 37 | ||||
| -rw-r--r-- | selinux/rild.te | 10 |
5 files changed, 60 insertions, 0 deletions
diff --git a/selinux/device.te b/selinux/device.te new file mode 100644 index 0000000..cca8ee1 --- /dev/null +++ b/selinux/device.te @@ -0,0 +1,3 @@ +type mali_device, dev_type, mlstrustedobject; +type rfkill_device, dev_type; +type efs_block_device, dev_type; diff --git a/selinux/domain.te b/selinux/domain.te new file mode 100644 index 0000000..24e0951 --- /dev/null +++ b/selinux/domain.te @@ -0,0 +1,8 @@ +## /dev/mali, /dev/ump +allow domain mali_device:chr_file rw_file_perms; + +## /dev/rfkill for wpa_supp +allow wpa rfkill_device:chr_file rw_file_perms; + +## Firmwares +allow ueventd { firmware_mfc }:file r_file_perms; diff --git a/selinux/file.te b/selinux/file.te new file mode 100644 index 0000000..51cf771 --- /dev/null +++ b/selinux/file.te @@ -0,0 +1,2 @@ +type radio_efs_file, fs_type; +type firmware_mfc, file_type; diff --git a/selinux/file_contexts b/selinux/file_contexts new file mode 100644 index 0000000..36fb414 --- /dev/null +++ b/selinux/file_contexts @@ -0,0 +1,37 @@ +# GFX +/dev/mali u:object_r:mali_device:s0 +/dev/ump u:object_r:mali_device:s0 +/dev/fimg2d u:object_r:mali_device:s0 + +# NFC +/dev/pn544 u:object_r:nfc_device:s0 + +# RIL +/dev/umts_boot0 u:object_r:radio_device:s0 +/dev/umts_boot1 u:object_r:radio_device:s0 +/dev/umts_ipc0 u:object_r:radio_device:s0 +/dev/umts_ramdump0 u:object_r:radio_device:s0 +/dev/umts_rfs0 u:object_r:radio_device:s0 + +/dev/block/mmcblk0p7 u:object_r:efs_block_device:s0 + +/efs/imei/mps_code.dat u:object_r:radio_data_file:s0 +/efs/nv_data.bin u:object_r:radio_data_file:s0 +/efs/nv_data.bin.md5 u:object_r:radio_data_file:s0 +/efs/upgaddr u:object_r:efs_file:s0 + +# Bluetooth +/dev/ttySAC0 u:object_r:hci_attach_dev:s0 +/efs/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0 + +# GPS +/dev/ttySAC1 u:object_r:gps_device:s0 + +# Sensors +/dev/akm8963 u:object_r:sensors_device:s0 + +# for wpa_supp +/dev/rfkill u:object_r:rfkill_device:s0 + +# Firmwares +/system/vendor/firmware/mfc_fw.bin u:object_r:firmware_mfc:s0 diff --git a/selinux/rild.te b/selinux/rild.te new file mode 100644 index 0000000..5711ef0 --- /dev/null +++ b/selinux/rild.te @@ -0,0 +1,10 @@ +allow rild self:netlink_socket { create bind read write }; +allow rild self:netlink_route_socket { write }; +allow rild self:netlink_kobject_uevent_socket { create bind read write }; + +allow rild radio_device:chr_file rw_file_perms; + +allow rild efs_block_device:blk_file rw_file_perms; + +allow rild radio_data_file:file { read open write setattr }; +allow rild efs_file:file { read open write getattr }; |