From 279859988403de649091978b0bff52bce153fd29 Mon Sep 17 00:00:00 2001 From: Daniel Hillenbrand Date: Sun, 11 Aug 2013 16:23:09 +0200 Subject: galaxys2: add selinux policies Change-Id: I52a914da94f5c331b4928cb2e79d8fa5a0c0c41c --- selinux/device.te | 3 +++ selinux/domain.te | 8 ++++++++ selinux/file.te | 2 ++ selinux/file_contexts | 37 +++++++++++++++++++++++++++++++++++++ selinux/rild.te | 10 ++++++++++ 5 files changed, 60 insertions(+) create mode 100644 selinux/device.te create mode 100644 selinux/domain.te create mode 100644 selinux/file.te create mode 100644 selinux/file_contexts create mode 100644 selinux/rild.te (limited to 'selinux') diff --git a/selinux/device.te b/selinux/device.te new file mode 100644 index 0000000..cca8ee1 --- /dev/null +++ b/selinux/device.te @@ -0,0 +1,3 @@ +type mali_device, dev_type, mlstrustedobject; +type rfkill_device, dev_type; +type efs_block_device, dev_type; diff --git a/selinux/domain.te b/selinux/domain.te new file mode 100644 index 0000000..24e0951 --- /dev/null +++ b/selinux/domain.te @@ -0,0 +1,8 @@ +## /dev/mali, /dev/ump +allow domain mali_device:chr_file rw_file_perms; + +## /dev/rfkill for wpa_supp +allow wpa rfkill_device:chr_file rw_file_perms; + +## Firmwares +allow ueventd { firmware_mfc }:file r_file_perms; diff --git a/selinux/file.te b/selinux/file.te new file mode 100644 index 0000000..51cf771 --- /dev/null +++ b/selinux/file.te @@ -0,0 +1,2 @@ +type radio_efs_file, fs_type; +type firmware_mfc, file_type; diff --git a/selinux/file_contexts b/selinux/file_contexts new file mode 100644 index 0000000..36fb414 --- /dev/null +++ b/selinux/file_contexts 
@@ -0,0 +1,37 @@
+# GFX
+/dev/mali u:object_r:mali_device:s0
+/dev/ump u:object_r:mali_device:s0
+/dev/fimg2d u:object_r:mali_device:s0
+
+# NFC
+/dev/pn544 u:object_r:nfc_device:s0
+
+# RIL
+/dev/umts_boot0 u:object_r:radio_device:s0
+/dev/umts_boot1 u:object_r:radio_device:s0
+/dev/umts_ipc0 u:object_r:radio_device:s0
+/dev/umts_ramdump0 u:object_r:radio_device:s0
+/dev/umts_rfs0 u:object_r:radio_device:s0
+
+/dev/block/mmcblk0p7 u:object_r:efs_block_device:s0
+
+/efs/imei/mps_code.dat u:object_r:radio_data_file:s0
+/efs/nv_data.bin u:object_r:radio_data_file:s0
+/efs/nv_data.bin.md5 u:object_r:radio_data_file:s0
+/efs/upgaddr u:object_r:efs_file:s0
+
+# Bluetooth
+/dev/ttySAC0 u:object_r:hci_attach_dev:s0
+/efs/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
+
+# GPS
+/dev/ttySAC1 u:object_r:gps_device:s0
+
+# Sensors
+/dev/akm8963 u:object_r:sensors_device:s0
+
+# for wpa_supp
+/dev/rfkill u:object_r:rfkill_device:s0
+
+# Firmwares
+/system/vendor/firmware/mfc_fw.bin u:object_r:firmware_mfc:s0
diff --git a/selinux/rild.te b/selinux/rild.te
new file mode 100644
index 0000000..5711ef0
--- /dev/null
+++ b/selinux/rild.te
@@ -0,0 +1,10 @@
+allow rild self:netlink_socket { create bind read write };
+allow rild self:netlink_route_socket { write };
+allow rild self:netlink_kobject_uevent_socket { create bind read write };
+
+allow rild radio_device:chr_file rw_file_perms;
+
+allow rild efs_block_device:blk_file rw_file_perms;
+
+allow rild radio_data_file:file { read open write setattr };
+allow rild efs_file:file { read open write getattr };
-- cgit v1.1
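Review bot: Labelling /efs/nv_data.bin, /efs/nv_data.bin.md5 and /efs/imei/mps_code.dat as radio_data_file in selinux/file_contexts puts the modem NV data under a general-purpose radio type. Any domain that the rest of the policy allows to write radio_data_file (presumably more than rild; verify against the base policy) would then be able to write these files too. A dedicated type for them would keep access limited to what rild.te grants; file.te in this patch already declares radio_efs_file, which is otherwise unused. Separately, file_contexts paths are regular expressions, so the literal dots should be escaped, e.g. `/efs/nv_data\.bin u:object_r:radio_data_file:s0`.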
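Review bot: `allow rild efs_block_device:blk_file rw_file_perms;` in selinux/rild.te lets rild write the raw EFS partition (/dev/block/mmcblk0p7 per file_contexts), which bypasses the per-file labels this patch places on /efs, including the Bluetooth data. rild handles data coming from the modem, so raw write access to the partition holding the NV data is a large grant. If the vendor RIL only uses the mounted files, remove the rule, or reduce it to `r_file_perms` if it only reads the device. The two file rules are also inconsistent: radio_data_file gets `setattr` without `getattr` and efs_file gets `getattr` without `setattr`. Unless the base policy already grants it, a stat() on nv_data.bin would likely be denied; `{ getattr read open write setattr }` on the first rule looks like what was intended.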