Diffstat (limited to 'selinux')
-rw-r--r--selinux/gpsd.te4
-rw-r--r--selinux/init.te2
-rw-r--r--selinux/macloader.te1
-rw-r--r--selinux/netd.te2
4 files changed, 9 insertions, 0 deletions
diff --git a/selinux/gpsd.te b/selinux/gpsd.te
index a65f3da..589d15f 100644
--- a/selinux/gpsd.te
+++ b/selinux/gpsd.te
@@ -13,9 +13,13 @@ allow glgps gps_data_file:file { create rw_file_perms };
allow glgps gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms };
allow glgps node:udp_socket { node_bind name_bind };
+allow glgps port:tcp_socket name_connect;
+allow glgps self:tcp_socket { getopt write read };
allow glgps sysfs:file { setattr write };
allow glgps gps_device:chr_file { ioctl open read write };
allow glgps glgps:udp_socket { create bind };
+allow glgps glgps:tcp_socket { create connect };
+allow glgps fwmarkd_socket:sock_file write;
allow glgps dnsproxyd_socket:sock_file write;
allow glgps netd:unix_stream_socket connectto;
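Review bot: `allow glgps self:tcp_socket { getopt write read };` and `allow glgps glgps:tcp_socket { create connect };` name the same source, target and class, so they should be one rule, `allow glgps self:tcp_socket { create connect getopt read write };`. Separately, `allow glgps port:tcp_socket name_connect;` permits outbound connections to every port carrying the generic `port` label, which is likely wider than a GPS daemon needs. A comment naming the server it talks to would let a later reviewer narrow it. The `fwmarkd_socket` rule here and the `netd glgps:fd` / `netd glgps:tcp_socket` rules added in netd.te appear to be two halves of the same socket hand-off to netd, so they should be kept or dropped together.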
diff --git a/selinux/init.te b/selinux/init.te
index d9d20c2..795e077 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -7,6 +7,8 @@ allow init sysfs_display:lnk_file { read setattr };
allow init tmpfs:lnk_file create;
allow init sysfs_sensor:lnk_file { setattr read };
+allow init rild:process noatsecure;
+
domain_trans(init, rootfs, glgps)
domain_trans(init, rootfs, cpboot-daemon)
domain_trans(init, rootfs, tinyplay)
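Review bot: `allow init rild:process noatsecure;` turns off secure-exec mode for the init-to-rild transition, so the dynamic linker no longer scrubs environment variables such as `LD_PRELOAD` and `LD_LIBRARY_PATH` when rild starts. The rule carries no comment saying which denial or rild behaviour required it. I would add one above it, for example `# rild needs <reason>; AT_SECURE is not set on exec from init`, or drop the rule if rild starts correctly without it. Because init is the only source domain, the exposure is presumably limited to what init's own environment contains, but the exception should still be justified in the file.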
diff --git a/selinux/macloader.te b/selinux/macloader.te
index 580f0d1..464f201 100644
--- a/selinux/macloader.te
+++ b/selinux/macloader.te
@@ -6,3 +6,4 @@ allow macloader efs_file:dir search;
allow macloader efs_device_file:dir search;
allow macloader wifi_data_file:file { read getattr open write setattr };
allow macloader self:capability { dac_override chown fowner fsetid };
+allow macloader system_data_file:dir w_dir_perms;
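Review bot: `allow macloader system_data_file:dir w_dir_perms;` grants write access to every directory that carries the generic `system_data_file` label, not only the one macloader actually writes into, and the domain already holds `dac_override`. Assuming the stock macro definition, `w_dir_perms` includes `add_name` and `remove_name`, so macloader could create and delete entries in those directories. The narrower form is to give the target directory its own type in file_contexts (the existing `wifi_data_file` type may already fit) and grant `w_dir_perms` on that type instead. If the directory is merely created with the wrong label at boot, correcting the label there would remove the need for this rule.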
diff --git a/selinux/netd.te b/selinux/netd.te
index 2fdb809..eff1d89 100644
--- a/selinux/netd.te
+++ b/selinux/netd.te
@@ -1 +1,3 @@
allow netd init:tcp_socket { read write getopt };
+allow netd glgps:fd use;
+allow netd glgps:tcp_socket { read write getopt setopt };