diff options
-rw-r--r-- | BoardCommonConfig.mk | 5 | ||||
-rw-r--r-- | selinux/device.te | 1 | ||||
-rw-r--r-- | selinux/domain.te | 3 | ||||
-rw-r--r-- | selinux/drmserver.te | 1 | ||||
-rw-r--r-- | selinux/file_contexts | 6 | ||||
-rw-r--r-- | selinux/ueventd.te | 2 | ||||
-rw-r--r-- | selinux/vold.te | 1 |
7 files changed, 11 insertions, 8 deletions
diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk index 64869ae..8b3c344 100644 --- a/BoardCommonConfig.mk +++ b/BoardCommonConfig.mk @@ -142,10 +142,13 @@ BOARD_SEPOLICY_DIRS += \ BOARD_SEPOLICY_UNION += \ device.te \ + drmserver.te \ + ueventd.te \ domain.te \ file.te \ file_contexts \ - rild.te + rild.te \ + vold.te # Recovery BOARD_CUSTOM_RECOVERY_KEYMAPPING := ../../device/samsung/galaxys2-common/recovery/recovery_keys.c diff --git a/selinux/device.te b/selinux/device.te index cca8ee1..6de8078 100644 --- a/selinux/device.te +++ b/selinux/device.te @@ -1,3 +1,2 @@ -type mali_device, dev_type, mlstrustedobject; type rfkill_device, dev_type; type efs_block_device, dev_type; diff --git a/selinux/domain.te b/selinux/domain.te index 24e0951..ed8e129 100644 --- a/selinux/domain.te +++ b/selinux/domain.te @@ -1,6 +1,3 @@ -## /dev/mali, /dev/ump -allow domain mali_device:chr_file rw_file_perms; - ## /dev/rfkill for wpa_supp allow wpa rfkill_device:chr_file rw_file_perms; diff --git a/selinux/drmserver.te b/selinux/drmserver.te new file mode 100644 index 0000000..a456bbf --- /dev/null +++ b/selinux/drmserver.te @@ -0,0 +1 @@ +allow drmserver sdcard_external:file open; diff --git a/selinux/file_contexts b/selinux/file_contexts index 3b9f7bc..3dc49e7 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -1,7 +1,7 @@ # GFX -/dev/mali u:object_r:mali_device:s0 -/dev/ump u:object_r:mali_device:s0 -/dev/fimg2d u:object_r:mali_device:s0 +/dev/mali u:object_r:graphics_device:s0 +/dev/ump u:object_r:graphics_device:s0 +/dev/fimg2d u:object_r:graphics_device:s0 # RIL /dev/umts_boot0 u:object_r:radio_device:s0 diff --git a/selinux/ueventd.te b/selinux/ueventd.te new file mode 100644 index 0000000..95a5698 --- /dev/null +++ b/selinux/ueventd.te @@ -0,0 +1,2 @@ +allow ueventd sdcard_external:dir search; +allow ueventd sdcard_external:file r_file_perms; diff --git a/selinux/vold.te b/selinux/vold.te new file mode 100644 index 0000000..d179865 --- /dev/null +++ b/selinux/vold.te @@ -0,0 +1 @@ +allow vold sdcard_external:file rw_file_perms; |