summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--BoardCommonConfig.mk5
-rw-r--r--selinux/device.te1
-rw-r--r--selinux/domain.te3
-rw-r--r--selinux/drmserver.te1
-rw-r--r--selinux/file_contexts6
-rw-r--r--selinux/ueventd.te2
-rw-r--r--selinux/vold.te1
7 files changed, 11 insertions, 8 deletions
diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk
index 64869ae..8b3c344 100644
--- a/BoardCommonConfig.mk
+++ b/BoardCommonConfig.mk
@@ -142,10 +142,13 @@ BOARD_SEPOLICY_DIRS += \
BOARD_SEPOLICY_UNION += \
device.te \
+ drmserver.te \
+ ueventd.te \
domain.te \
file.te \
file_contexts \
- rild.te
+ rild.te \
+ vold.te
# Recovery
BOARD_CUSTOM_RECOVERY_KEYMAPPING := ../../device/samsung/galaxys2-common/recovery/recovery_keys.c
diff --git a/selinux/device.te b/selinux/device.te
index cca8ee1..6de8078 100644
--- a/selinux/device.te
+++ b/selinux/device.te
@@ -1,3 +1,2 @@
-type mali_device, dev_type, mlstrustedobject;
type rfkill_device, dev_type;
type efs_block_device, dev_type;
diff --git a/selinux/domain.te b/selinux/domain.te
index 24e0951..ed8e129 100644
--- a/selinux/domain.te
+++ b/selinux/domain.te
@@ -1,6 +1,3 @@
-## /dev/mali, /dev/ump
-allow domain mali_device:chr_file rw_file_perms;
-
## /dev/rfkill for wpa_supp
allow wpa rfkill_device:chr_file rw_file_perms;
diff --git a/selinux/drmserver.te b/selinux/drmserver.te
new file mode 100644
index 0000000..a456bbf
--- /dev/null
+++ b/selinux/drmserver.te
@@ -0,0 +1 @@
+allow drmserver sdcard_external:file open;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 3b9f7bc..3dc49e7 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -1,7 +1,7 @@
# GFX
-/dev/mali u:object_r:mali_device:s0
-/dev/ump u:object_r:mali_device:s0
-/dev/fimg2d u:object_r:mali_device:s0
+/dev/mali u:object_r:graphics_device:s0
+/dev/ump u:object_r:graphics_device:s0
+/dev/fimg2d u:object_r:graphics_device:s0
# RIL
/dev/umts_boot0 u:object_r:radio_device:s0
diff --git a/selinux/ueventd.te b/selinux/ueventd.te
new file mode 100644
index 0000000..95a5698
--- /dev/null
+++ b/selinux/ueventd.te
@@ -0,0 +1,2 @@
+allow ueventd sdcard_external:dir search;
+allow ueventd sdcard_external:file r_file_perms;
diff --git a/selinux/vold.te b/selinux/vold.te
new file mode 100644
index 0000000..d179865
--- /dev/null
+++ b/selinux/vold.te
@@ -0,0 +1 @@
+allow vold sdcard_external:file rw_file_perms;